GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
368 advisories
Filter by severity
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce...
High
Unreviewed
CVE-2023-6336
was published
Jan 16, 2024
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High
Unreviewed
CVE-2023-42137
was published
Jan 15, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
High
Unreviewed
CVE-2023-31003
was published
Jan 11, 2024
Visual Studio Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-20656
was published
Jan 9, 2024
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January...
High
Unreviewed
CVE-2024-0206
was published
Jan 9, 2024
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL...
High
Unreviewed
CVE-2023-28872
was published
Dec 25, 2023
Buildkite Elastic CI for AWS symbolic link following vulnerability
High
CVE-2023-43116
was published
for
github.com/buildkite/elastic-ci-stack-for-aws/v6
(Go)
Dec 22, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete...
High
Unreviewed
CVE-2023-28868
was published
Dec 9, 2023
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to...
High
Unreviewed
CVE-2023-43590
was published
Nov 15, 2023
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary...
High
Unreviewed
CVE-2020-28407
was published
Nov 3, 2023
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video...
High
Unreviewed
CVE-2018-17559
was published
Oct 27, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma...
High
Unreviewed
CVE-2023-42844
was published
Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
High
CVE-2023-46654
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside...
High
Unreviewed
CVE-2023-28797
was published
Oct 23, 2023
1E Client installer can perform arbitrary file deletion on protected files.
A non-privileged...
High
Unreviewed
CVE-2023-45159
was published
Oct 5, 2023
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux...
High
Unreviewed
CVE-2023-32182
was published
Sep 19, 2023
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-32163
was published
Sep 6, 2023
Local privilege escalation during installation due to improper soft link handling. The following...
High
Unreviewed
CVE-2022-46869
was published
Aug 31, 2023
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain...
High
Unreviewed
CVE-2023-34723
was published
Aug 26, 2023
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a...
High
Unreviewed
CVE-2019-13689
was published
Aug 25, 2023
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
High
Unreviewed
CVE-2022-48579
was published
Aug 7, 2023
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an...
High
Unreviewed
CVE-2023-28065
was published
Jun 23, 2023
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain...
High
Unreviewed
CVE-2023-28071
was published
Jun 23, 2023
RenderDoc through 1.26 allows local privilege escalation via a symlink attack.
High
Unreviewed
CVE-2023-33865
was published
Jun 7, 2023
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90...
High
Unreviewed
CVE-2023-2939
was published
May 31, 2023
ProTip!
Advisories are also available from the
GraphQL API