GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Improper Link Resolution Before File Access in Suds
Moderate
CVE-2013-2217
was published
for
suds
(pip)
May 14, 2022
SoSReport Predictable Tmp File Names
High
CVE-2015-7529
was published
for
sosreport
(pip)
May 13, 2022
SaltStack Salt Insecure Temporary File Creation
High
CVE-2014-3563
was published
for
salt
(pip)
May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition
Low
CVE-2014-1624
was published
for
pyxdg
(pip)
May 17, 2022
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
High
CVE-2011-2765
was published
for
pyro
(pip)
Aug 21, 2018
Improper Link Resolution Before File Access in pip
Moderate
CVE-2013-1888
was published
for
pip
(pip)
May 13, 2022
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
High
CVE-2014-1932
was published
for
pillow
(pip)
May 17, 2022
Numpy arbitrary file write via symlink attack
High
CVE-2014-1859
was published
for
numpy
(pip)
May 14, 2022
Improper Link Resolution Before File Access in logilab-commons
High
CVE-2014-1838
was published
for
logilab-common
(pip)
May 14, 2022
Mercurial Path Traversal/Link Following vulnerability
Moderate
CVE-2019-3902
was published
for
mercurial
(pip)
Feb 15, 2022
Mercurial missing symlink check
High
CVE-2017-1000115
was published
for
mercurial
(pip)
May 14, 2022
Ansible Sandbox Escape via Symlink Attack
High
CVE-2015-6240
was published
for
ansible
(pip)
May 13, 2022
Openstack DBaaS (Trove) Improper Link Resolution Before File Access
Moderate
CVE-2015-3156
was published
for
trove
(pip)
May 17, 2022
instack-undercloud vulnerable to symlink attack on tmp files
Moderate
CVE-2017-7549
was published
for
instack-undercloud
(pip)
May 13, 2022
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack
Moderate
CVE-2010-4338
was published
for
ocrodjvu
(pip)
May 17, 2022
Fabric vulnerable to symlink attack on tmp files
Moderate
CVE-2011-2185
was published
for
fabric
(pip)
May 17, 2022
Virtualenv Allows Symlink Attack on /tmp/
Low
CVE-2011-4617
was published
for
virtualenv
(pip)
May 17, 2022
keycloak-httpd-client-install symlink attack vulnerability
Moderate
CVE-2017-15111
was published
for
keycloak-httpd-client-install
(pip)
May 14, 2022
eyeD3 is vulnerable to arbitrary file modification via symlink attack
Moderate
CVE-2014-1934
was published
for
eyeD3
(pip)
May 14, 2022
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
ProTip!
Advisories are also available from the
GraphQL API