Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,201
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

438 advisories

Loading
A symlink following vulnerability was found in Samba, where a user can create a symbolic link... Moderate Unreviewed
CVE-2022-3592 was published Jan 12, 2023
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. Moderate Unreviewed
CVE-2022-38482 was published Jan 10, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a... Moderate Unreviewed
CVE-2009-1142 was published Nov 23, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed
CVE-2022-38699 was published Sep 29, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2022-0029 was published Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed
CVE-2022-26456 was published Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed
CVE-2022-2898 was published Sep 1, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed
CVE-2021-35937 was published Aug 26, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable... Moderate Unreviewed
CVE-2022-35631 was published Jul 30, 2022
In sound driver, there is a possible information disclosure due to symlink following. This could... Moderate Unreviewed
CVE-2022-21770 was published Jul 7, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed... Moderate Unreviewed
CVE-2022-26688 was published May 27, 2022
A security vulnerability that can lead to local privilege escalation has been found in ’guix... Moderate Unreviewed
CVE-2021-27851 was published May 24, 2022
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG... Moderate Unreviewed
CVE-2021-3641 was published May 24, 2022
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote... Moderate Unreviewed
CVE-2021-32508 was published May 24, 2022
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote... Moderate Unreviewed
CVE-2021-32509 was published May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user... Moderate Unreviewed
CVE-2020-4885 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32550 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32547 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32551 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32548 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32549 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database