GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
439 advisories
Filter by severity
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage...
Moderate
Unreviewed
CVE-2002-0725
was published
Apr 30, 2022
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends...
Moderate
Unreviewed
CVE-2001-1386
was published
Apr 30, 2022
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by...
Moderate
Unreviewed
CVE-2001-1042
was published
Apr 30, 2022
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by...
Moderate
Unreviewed
CVE-2001-1043
was published
Apr 30, 2022
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as ...
Moderate
Unreviewed
CVE-2000-0342
was published
Apr 30, 2022
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client...
Moderate
Unreviewed
CVE-1999-0981
was published
Apr 30, 2022
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
Moderate
Unreviewed
CVE-1999-0794
was published
Apr 30, 2022
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device...
Moderate
Unreviewed
CVE-1999-0783
was published
Apr 30, 2022
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack...
Moderate
Unreviewed
CVE-2004-1901
was published
Apr 29, 2022
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files...
Moderate
Unreviewed
CVE-2004-1603
was published
Apr 29, 2022
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations,...
Moderate
Unreviewed
CVE-2004-0689
was published
Apr 29, 2022
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a...
Moderate
Unreviewed
CVE-2003-1492
was published
Apr 29, 2022
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root,...
Moderate
Unreviewed
CVE-2003-0578
was published
Apr 29, 2022
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link...
Moderate
Unreviewed
CVE-2022-24372
was published
Apr 28, 2022
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink...
Moderate
Unreviewed
CVE-2012-1093
was published
Apr 23, 2022
Pacemaker before 1.1.6 configure script creates temporary files insecurely
Moderate
Unreviewed
CVE-2011-5271
was published
Apr 23, 2022
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of...
Moderate
Unreviewed
CVE-2011-2923
was published
Apr 22, 2022
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of...
Moderate
Unreviewed
CVE-2011-2924
was published
Apr 22, 2022
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
Moderate
Unreviewed
CVE-2010-4817
was published
Apr 21, 2022
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via...
Moderate
Unreviewed
CVE-2010-0398
was published
Apr 21, 2022
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution....
Moderate
Unreviewed
CVE-2022-20068
was published
Apr 12, 2022
In connsyslogger, there is a possible symbolic link following due to improper link resolution....
Moderate
Unreviewed
CVE-2022-20050
was published
Mar 11, 2022
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink...
Moderate
Unreviewed
CVE-2021-44141
was published
Feb 22, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25177
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Moderate
CVE-2022-25176
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API