Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks Low Unreviewed
CVE-2013-4184 was published May 5, 2022
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers,... Low Unreviewed
CVE-2003-1233 was published Apr 29, 2022
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode... Low Unreviewed
CVE-2003-0844 was published Apr 29, 2022
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite... Low Unreviewed
CVE-2005-0587 was published May 1, 2022
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack... Low Unreviewed
CVE-2005-1879 was published May 1, 2022
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is... Low Unreviewed
CVE-2005-0824 was published May 1, 2022
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files... Low Unreviewed
CVE-2005-1916 was published May 1, 2022
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows... Low Unreviewed
CVE-1999-1386 was published Apr 30, 2022
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack... Low Unreviewed
CVE-2005-1880 was published May 1, 2022
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red... Low Unreviewed
CVE-2004-0217 was published Apr 29, 2022
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary... Low Unreviewed
CVE-2001-1494 was published Apr 30, 2022
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an... Low Unreviewed
CVE-2000-1178 was published Apr 30, 2022
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a... Low Unreviewed
CVE-2000-0972 was published Apr 30, 2022
Virtualenv Allows Symlink Attack on /tmp/ Low
CVE-2011-4617 was published for virtualenv (pip) May 17, 2022
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application... Low Unreviewed
CVE-2020-16853 was published May 24, 2022
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application... Low Unreviewed
CVE-2020-16851 was published May 24, 2022
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability Low
CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) Oct 28, 2023
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete... Low Unreviewed
CVE-2023-23697 was published Feb 13, 2023
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary... Low Unreviewed
CVE-2023-24572 was published Feb 13, 2023
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron)... Low Unreviewed
CVE-2010-0424 was published May 2, 2022
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows... Low Unreviewed
CVE-2011-0541 was published May 17, 2022
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a... Low Unreviewed
CVE-2012-1088 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API