GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
447 advisories
Filter by severity
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper...
Moderate
Unreviewed
CVE-2023-28972
was published
Apr 18, 2023
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability...
Moderate
Unreviewed
CVE-2022-43293
was published
Apr 11, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to...
Moderate
Unreviewed
CVE-2023-24577
was published
Mar 13, 2023
A validation issue existed in the handling of symlinks. This issue was addressed with improved...
Moderate
Unreviewed
CVE-2022-22582
was published
Feb 27, 2023
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local...
Moderate
Unreviewed
CVE-2023-23558
was published
Feb 16, 2023
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the...
Moderate
Unreviewed
CVE-2022-42291
was published
Feb 7, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0...
Moderate
Unreviewed
CVE-2022-45440
was published
Jan 17, 2023
A symlink following vulnerability was found in Samba, where a user can create a symbolic link...
Moderate
Unreviewed
CVE-2022-3592
was published
Jan 12, 2023
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.
Moderate
Unreviewed
CVE-2022-38482
was published
Jan 10, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following
Moderate
CVE-2022-4122
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a...
Moderate
Unreviewed
CVE-2009-1142
was published
Nov 23, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is...
Moderate
Unreviewed
CVE-2022-38699
was published
Sep 29, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2022-0029
was published
Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could...
Moderate
Unreviewed
CVE-2022-26456
was published
Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file...
Moderate
Unreviewed
CVE-2022-2898
was published
Sep 1, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to...
Moderate
Unreviewed
CVE-2021-35937
was published
Aug 26, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable...
Moderate
Unreviewed
CVE-2022-35631
was published
Jul 30, 2022
In sound driver, there is a possible information disclosure due to symlink following. This could...
Moderate
Unreviewed
CVE-2022-21770
was published
Jul 7, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed...
Moderate
Unreviewed
CVE-2022-26688
was published
May 27, 2022
A security vulnerability that can lead to local privilege escalation has been found in ’guix...
Moderate
Unreviewed
CVE-2021-27851
was published
May 24, 2022
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG...
Moderate
Unreviewed
CVE-2021-3641
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API