GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap
Low
CVE-2024-29069
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High
CVE-2024-38081
was published
for
Microsoft.IO.Redist
(NuGet)
Jul 9, 2024
Podman affected by CVE-2024-1753 container escape at build time
Moderate
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
Buildkite Elastic CI for AWS symbolic link following vulnerability
High
CVE-2023-43116
was published
for
github.com/buildkite/elastic-ci-stack-for-aws/v6
(Go)
Dec 22, 2023
Froxlor Improper Input Validation vulnerability
Critical
CVE-2023-6069
was published
for
froxlor/froxlor
(Composer)
Nov 10, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low
CVE-2023-5834
was published
for
github.com/hashicorp/vagrant
(Go)
Oct 28, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
High
CVE-2023-46654
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Moderate
CVE-2023-46655
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
cloudflared's Installer has Local Privilege Escalation Vulnerability
High
CVE-2023-1314
was published
for
github.com/cloudflare/cloudflared
(Go)
Mar 21, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Critical
CVE-2023-25168
was published
for
github.com/pterodactyl/wings
(Go)
Feb 10, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
High
CVE-2023-25152
was published
for
github.com/pterodactyl/wings
(Go)
Feb 8, 2023
Unsafe tar unpacking in HashiCorp go-slug
High
CVE-2020-29529
was published
for
github.com/hashicorp/go-slug
(Go)
Feb 6, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following
Moderate
CVE-2022-4122
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API