GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
433 advisories
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan...
Moderate
Unreviewed
CVE-2023-51654
was published
Dec 26, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry...
Moderate
Unreviewed
CVE-2023-28871
was published
Dec 9, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents...
Moderate
Unreviewed
CVE-2023-28869
was published
Dec 9, 2023
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server...
Moderate
Unreviewed
CVE-2023-39246
was published
Nov 16, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Moderate
CVE-2023-46655
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2023-41968
was published
Sep 27, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
A website could have obscured the full screen notification by using a URL with a scheme handled...
Moderate
Unreviewed
CVE-2023-4053
was published
Aug 1, 2023
The Firefox updater created a directory writable by non-privileged users. When uninstalling...
Moderate
Unreviewed
CVE-2023-4052
was published
Aug 1, 2023
Uploading files which contain symlinks may have allowed an attacker to trick a user into...
Moderate
Unreviewed
CVE-2023-37206
was published
Jul 5, 2023
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could...
Moderate
Unreviewed
CVE-2023-32556
was published
Jun 27, 2023
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of...
Moderate
Unreviewed
CVE-2023-34204
was published
May 30, 2023
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions...
Moderate
Unreviewed
CVE-2023-28141
was published
Apr 18, 2023
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper...
Moderate
Unreviewed
CVE-2023-28972
was published
Apr 18, 2023
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability...
Moderate
Unreviewed
CVE-2022-43293
was published
Apr 11, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to...
Moderate
Unreviewed
CVE-2023-24577
was published
Mar 13, 2023
A validation issue existed in the handling of symlinks. This issue was addressed with improved...
Moderate
Unreviewed
CVE-2022-22582
was published
Feb 27, 2023
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local...
Moderate
Unreviewed
CVE-2023-23558
was published
Feb 16, 2023
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the...
Moderate
Unreviewed
CVE-2022-42291
was published
Feb 7, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0...
Moderate
Unreviewed
CVE-2022-45440
was published
Jan 17, 2023
A symlink following vulnerability was found in Samba, where a user can create a symbolic link...
Moderate
Unreviewed
CVE-2022-3592
was published
Jan 12, 2023
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.
Moderate
Unreviewed
CVE-2022-38482
was published
Jan 10, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following
Moderate
CVE-2022-4122
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022