GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
167 advisories
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Low | Unreviewed | CVE-2025-55188 was published Aug 8, 2025

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This...
Low | Unreviewed | CVE-2025-11489 was published Oct 8, 2025

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Low | CVE-2025-54798 was published for tmp (npm) Aug 6, 2025

systemd, when updating file permissions, allows local users to change the permissions and SELinux...
Low | Unreviewed | CVE-2013-4392 was published May 13, 2022

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a...
Low | Unreviewed | CVE-2014-4703 was published May 17, 2022

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to...
Low | Unreviewed | CVE-2014-3981 was published May 17, 2022

The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*...
Low | Unreviewed | CVE-2009-5082 was published May 2, 2022

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib...
Low | Unreviewed | CVE-2009-5080 was published May 2, 2022

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl...
Low | Unreviewed | CVE-2009-5081 was published May 2, 2022

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU...
Low | Unreviewed | CVE-2009-5079 was published May 2, 2022

emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary...
Low | Unreviewed | CVE-2010-2053 was published May 17, 2022

MySQL before 5.1.46 allows local users to delete the data and index files of another user's...
Low | Unreviewed | CVE-2010-1626 was published May 13, 2022

Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on...
Low | Unreviewed | CVE-2010-0118 was published May 2, 2022

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on...
Low | Unreviewed | CVE-2010-0792 was published May 2, 2022

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files...
Low | Unreviewed | CVE-2008-1569 was published May 1, 2022

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an...
Low | Unreviewed | CVE-2025-0146 was published Jan 30, 2025

snapd failed to properly check the destination of symbolic links when extracting a snap
Low | CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024

pyxdg Arbitrary File Overwrite via Race Condition
Low | CVE-2014-1624 was published for pyxdg (pip) May 17, 2022

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
Low | Unreviewed | CVE-2013-4184 was published May 5, 2022

Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers,...
Low | Unreviewed | CVE-2003-1233 was published Apr 29, 2022

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode...
Low | Unreviewed | CVE-2003-0844 was published Apr 29, 2022

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite...
Low | Unreviewed | CVE-2005-0587 was published May 1, 2022

Puppet arbitrary files overwrite via a symlink attack
Low | CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022

LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack...
Low | Unreviewed | CVE-2005-1879 was published May 1, 2022