GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
runc can be confused to create empty files/directories on the host
Moderate
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
High
Unreviewed
CVE-2024-44132
was published
Sep 17, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a...
Moderate
Unreviewed
CVE-2024-0134
was published
Nov 5, 2024
Sensitive information disclosure during file browsing due to improper soft link handling. The...
Low
Unreviewed
CVE-2024-34015
was published
Nov 11, 2024
Arbitrary file overwrite during recovery due to improper soft link handling. The following...
Moderate
Unreviewed
CVE-2024-34014
was published
Nov 11, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated...
Moderate
Unreviewed
CVE-2023-20093
was published
Nov 15, 2024
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated,...
Moderate
Unreviewed
CVE-2023-20091
was published
Nov 15, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated...
Moderate
Unreviewed
CVE-2023-20092
was published
Nov 15, 2024
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability....
Moderate
Unreviewed
CVE-2024-52537
was published
Dec 11, 2024
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low...
Moderate
Unreviewed
CVE-2024-52542
was published
Dec 17, 2024
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution...
High
Unreviewed
CVE-2024-47480
was published
Dec 18, 2024
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of...
High
Unreviewed
CVE-2024-47515
was published
Dec 24, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs...
High
Unreviewed
CVE-2024-52535
was published
Dec 25, 2024
ProTip!
Advisories are also available from the
GraphQL API