Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,001 advisories

Loading
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server... Moderate Unreviewed
CVE-2023-39246 was published Nov 16, 2023
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to... High Unreviewed
CVE-2023-43590 was published Nov 15, 2023
Froxlor Improper Input Validation vulnerability Critical
CVE-2023-6069 was published for froxlor/froxlor (Composer) Nov 10, 2023
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary... High Unreviewed
CVE-2020-28407 was published Nov 3, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability Low
CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) Oct 28, 2023
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video... High Unreviewed
CVE-2018-17559 was published Oct 27, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2023-42844 was published Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion High
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read Moderate
CVE-2023-46655 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside... High Unreviewed
CVE-2023-28797 was published Oct 23, 2023
1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged... High Unreviewed
CVE-2023-45159 was published Oct 5, 2023
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Moderate Unreviewed
CVE-2023-41968 was published Sep 27, 2023
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux... High Unreviewed
CVE-2023-32182 was published Sep 19, 2023
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-32163 was published Sep 6, 2023
Local privilege escalation during installation due to improper soft link handling. The following... High Unreviewed
CVE-2022-46869 was published Aug 31, 2023
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain... High Unreviewed
CVE-2023-34723 was published Aug 26, 2023
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a... High Unreviewed
CVE-2019-13689 was published Aug 25, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. High Unreviewed
CVE-2022-48579 was published Aug 7, 2023
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for... Critical Unreviewed
CVE-2023-39107 was published Aug 4, 2023
A website could have obscured the full screen notification by using a URL with a scheme handled... Moderate Unreviewed
CVE-2023-4053 was published Aug 1, 2023
The Firefox updater created a directory writable by non-privileged users. When uninstalling... Moderate Unreviewed
CVE-2023-4052 was published Aug 1, 2023
Uploading files which contain symlinks may have allowed an attacker to trick a user into... Moderate Unreviewed
CVE-2023-37206 was published Jul 5, 2023
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could... Moderate Unreviewed
CVE-2023-32556 was published Jun 27, 2023
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an... High Unreviewed
CVE-2023-28065 was published Jun 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database