Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

429 advisories

Loading
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
The Firefox updater created a directory writable by non-privileged users. When uninstalling... Moderate Unreviewed
CVE-2023-4052 was published Aug 1, 2023
A website could have obscured the full screen notification by using a URL with a scheme handled... Moderate Unreviewed
CVE-2023-4053 was published Aug 1, 2023
Uploading files which contain symlinks may have allowed an attacker to trick a user into... Moderate Unreviewed
CVE-2023-37206 was published Jul 5, 2023
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could... Moderate Unreviewed
CVE-2023-32556 was published Jun 27, 2023
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of... Moderate Unreviewed
CVE-2023-34204 was published May 30, 2023
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions... Moderate Unreviewed
CVE-2023-28141 was published Apr 18, 2023
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper... Moderate Unreviewed
CVE-2023-28972 was published Apr 18, 2023
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability... Moderate Unreviewed
CVE-2022-43293 was published Apr 11, 2023
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to... Moderate Unreviewed
CVE-2023-24577 was published Mar 13, 2023
A validation issue existed in the handling of symlinks. This issue was addressed with improved... Moderate Unreviewed
CVE-2022-22582 was published Feb 27, 2023
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local... Moderate Unreviewed
CVE-2023-23558 was published Feb 16, 2023
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the... Moderate Unreviewed
CVE-2022-42291 was published Feb 7, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0... Moderate Unreviewed
CVE-2022-45440 was published Jan 17, 2023
A symlink following vulnerability was found in Samba, where a user can create a symbolic link... Moderate Unreviewed
CVE-2022-3592 was published Jan 12, 2023
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. Moderate Unreviewed
CVE-2022-38482 was published Jan 10, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a... Moderate Unreviewed
CVE-2009-1142 was published Nov 23, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed
CVE-2022-38699 was published Sep 29, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2022-0029 was published Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed
CVE-2022-26456 was published Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed
CVE-2022-2898 was published Sep 1, 2022
ProTip! Advisories are also available from the GraphQL API