GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
High
Unreviewed
CVE-2024-44132
was published
Sep 17, 2024
runc can be confused to create empty files/directories on the host
Low
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink)...
Moderate
Unreviewed
CVE-2024-39578
was published
Aug 31, 2024
In aiohttp, compressed files as symlinks are not protected from path traversal
Moderate
CVE-2024-42367
was published
for
aiohttp
(pip)
Aug 9, 2024
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows...
High
Unreviewed
CVE-2024-22014
was published
Apr 15, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink)...
Moderate
Unreviewed
CVE-2024-25952
was published
Mar 28, 2024
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink)...
Moderate
Unreviewed
CVE-2024-25953
was published
Mar 28, 2024
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp...
High
Unreviewed
CVE-2023-41969
was published
Mar 26, 2024
Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52...
High
Unreviewed
CVE-2024-1933
was published
Mar 26, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma...
High
Unreviewed
CVE-2024-23285
was published
Mar 8, 2024
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server...
Moderate
Unreviewed
CVE-2023-39246
was published
Nov 16, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
High
CVE-2023-25152
was published
for
github.com/pterodactyl/wings
(Go)
Feb 8, 2023
A symlink following vulnerability was found in Samba, where a user can create a symbolic link...
Moderate
Unreviewed
CVE-2022-3592
was published
Jan 12, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of...
High
Unreviewed
CVE-2021-32000
was published
May 24, 2022
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a...
High
Unreviewed
CVE-2021-32518
was published
May 24, 2022
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote...
Moderate
Unreviewed
CVE-2021-32509
was published
May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise...
High
Unreviewed
CVE-2021-25321
was published
May 24, 2022
a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2,...
High
Unreviewed
CVE-2021-31997
was published
May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2...
High
Unreviewed
CVE-2021-25322
was published
May 24, 2022
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it...
High
Unreviewed
CVE-2020-15075
was published
May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate
CVE-2022-24904
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 23, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman...
High
Unreviewed
CVE-2022-21944
was published
Jan 27, 2022
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
ProTip!
Advisories are also available from the
GraphQL API