GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
417 advisories
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL...
High | Unreviewed | CVE-2023-28872 was published Dec 25, 2023
Buildkite Elastic CI for AWS symbolic link following vulnerability
High | CVE-2023-43116 was published for github.com/buildkite/elastic-ci-stack-for-aws/v6 (Go) Dec 22, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete...
High | Unreviewed | CVE-2023-28868 was published Dec 9, 2023
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to...
High | Unreviewed | CVE-2023-43590 was published Nov 15, 2023
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary...
High | Unreviewed | CVE-2020-28407 was published Nov 3, 2023
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video...
High | Unreviewed | CVE-2018-17559 was published Oct 27, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma...
High | Unreviewed | CVE-2023-42844 was published Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
High | CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside...
High | Unreviewed | CVE-2023-28797 was published Oct 23, 2023
1E Client installer can perform arbitrary file deletion on protected files. A non-privileged...
High | Unreviewed | CVE-2023-45159 was published Oct 5, 2023
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux...
High | Unreviewed | CVE-2023-32182 was published Sep 19, 2023
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This...
High | Unreviewed | CVE-2023-32163 was published Sep 6, 2023
Local privilege escalation during installation due to improper soft link handling. The following...
High | Unreviewed | CVE-2022-46869 was published Aug 31, 2023
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain...
High | Unreviewed | CVE-2023-34723 was published Aug 26, 2023
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a...
High | Unreviewed | CVE-2019-13689 was published Aug 25, 2023
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
High | Unreviewed | CVE-2022-48579 was published Aug 7, 2023
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of...
High | Unreviewed | CVE-2023-27469 was published Jun 30, 2023
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an...
High | Unreviewed | CVE-2023-28065 was published Jun 23, 2023
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain...
High | Unreviewed | CVE-2023-28071 was published Jun 23, 2023
RenderDoc through 1.26 allows local privilege escalation via a symlink attack.
High | Unreviewed | CVE-2023-33865 was published Jun 7, 2023
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90...
High | Unreviewed | CVE-2023-2939 was published May 31, 2023
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and...
High | Unreviewed | CVE-2023-33245 was published May 30, 2023
Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution...
High | Unreviewed | CVE-2023-27529 was published May 25, 2023
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv...
High | Unreviewed | CVE-2022-31647 was published Apr 27, 2023
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink...
High | Unreviewed | CVE-2022-34292 was published Apr 27, 2023