GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
102 advisories
Filter by severity
Improper Link Resolution Before File Access in logilab-commons
High
CVE-2014-1838
was published
for
logilab-common
(pip)
May 14, 2022
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
Mercurial Path Traversal/Link Following vulnerability
Moderate
CVE-2019-3902
was published
for
mercurial
(pip)
Feb 15, 2022
Mercurial missing symlink check
High
CVE-2017-1000115
was published
for
mercurial
(pip)
May 14, 2022
Ansible Sandbox Escape via Symlink Attack
High
CVE-2015-6240
was published
for
ansible
(pip)
May 13, 2022
snapd failed to properly check the destination of symbolic links when extracting a snap
Moderate
CVE-2024-29069
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High
CVE-2024-38081
was published
for
Microsoft.IO.Redist
(NuGet)
Jul 9, 2024
Openstack DBaaS (Trove) Improper Link Resolution Before File Access
Moderate
CVE-2015-3156
was published
for
trove
(pip)
May 17, 2022
instack-undercloud vulnerable to symlink attack on tmp files
Moderate
CVE-2017-7549
was published
for
instack-undercloud
(pip)
May 13, 2022
SaltStack Salt Insecure Temporary File Creation
High
CVE-2014-3563
was published
for
salt
(pip)
May 17, 2022
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
Moodle vulnerable to symlink attack
Moderate
CVE-2008-5153
was published
for
moodle/moodle
(Composer)
May 17, 2022
Joomla! Open Redirect vulnerability
High
CVE-2008-3227
was published
for
joomla/framework
(Composer)
May 1, 2022
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack
Moderate
CVE-2010-4338
was published
for
ocrodjvu
(pip)
May 17, 2022
Puppet arbitrary files overwrite via a symlink attack
Low
CVE-2010-0156
was published
for
puppet
(RubyGems)
May 2, 2022
Buildah (as part of Podman) vulnerable to Link Following
Moderate
CVE-2022-4122
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
Typo3 Open Redirect In Frontend Rendering
Moderate
CVE-2014-9508
was published
for
typo3/cms
(Composer)
May 17, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Write in Libcontainer
High
CVE-2015-3629
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Puppet allows local users to modify the permissions of arbitrary files
Moderate
CVE-2011-3870
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet arbitrary file overwrite
Moderate
CVE-2011-3869
was published
for
puppet
(RubyGems)
May 14, 2022
Fabric vulnerable to symlink attack on tmp files
Moderate
CVE-2011-2185
was published
for
fabric
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API