GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
997 advisories
Filter by severity
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Critical
CVE-2023-25168
was published
for
github.com/pterodactyl/wings
(Go)
Feb 10, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
High
CVE-2023-25152
was published
for
github.com/pterodactyl/wings
(Go)
Feb 8, 2023
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the...
Moderate
Unreviewed
CVE-2022-42291
was published
Feb 7, 2023
Unsafe tar unpacking in HashiCorp go-slug
High
CVE-2020-29529
was published
for
github.com/hashicorp/go-slug
(Go)
Feb 6, 2023
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an...
High
Unreviewed
CVE-2023-20008
was published
Jan 20, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0...
Moderate
Unreviewed
CVE-2022-45440
was published
Jan 17, 2023
A symlink following vulnerability was found in Samba, where a user can create a symbolic link...
Moderate
Unreviewed
CVE-2022-3592
was published
Jan 12, 2023
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.
Moderate
Unreviewed
CVE-2022-38482
was published
Jan 10, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and...
High
Unreviewed
CVE-2022-45798
was published
Dec 24, 2022
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be...
High
Unreviewed
CVE-2022-45412
was published
Dec 22, 2022
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical....
High
Unreviewed
CVE-2022-4563
was published
Dec 21, 2022
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code...
Critical
Unreviewed
CVE-2021-3942
was published
Dec 12, 2022
Buildah (as part of Podman) vulnerable to Link Following
Moderate
CVE-2022-4122
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended...
High
Unreviewed
CVE-2009-1143
was published
Nov 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a...
Moderate
Unreviewed
CVE-2009-1142
was published
Nov 23, 2022
Local privilege escalation due to improper soft link handling. The following products are...
High
Unreviewed
CVE-2022-44747
was published
Nov 8, 2022
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS...
High
Unreviewed
CVE-2022-32905
was published
Nov 2, 2022
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as...
High
Unreviewed
CVE-2022-41973
was published
Oct 29, 2022
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called...
High
Unreviewed
CVE-2022-31256
was published
Oct 26, 2022
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by...
High
Unreviewed
CVE-2022-42725
was published
Oct 10, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is...
Moderate
Unreviewed
CVE-2022-38699
was published
Sep 29, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security...
High
Unreviewed
CVE-2022-40710
was published
Sep 29, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission...
Critical
Unreviewed
CVE-2022-23144
was published
Sep 25, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with...
High
Unreviewed
CVE-2022-34893
was published
Sep 20, 2022
ProTip!
Advisories are also available from the
GraphQL API