Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

959 advisories

Loading
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce... High Unreviewed
CVE-2023-6336 was published Jan 16, 2024
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can... High Unreviewed
CVE-2023-42137 was published Jan 15, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-31003 was published Jan 11, 2024
Visual Studio Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-20656 was published Jan 9, 2024
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January... High Unreviewed
CVE-2024-0206 was published Jan 9, 2024
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan... Moderate Unreviewed
CVE-2023-51654 was published Dec 26, 2023
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL... High Unreviewed
CVE-2023-28872 was published Dec 25, 2023
Buildkite Elastic CI for AWS symbolic link following vulnerability High
CVE-2023-43116 was published for github.com/buildkite/elastic-ci-stack-for-aws/v6 (Go) Dec 22, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry... Moderate Unreviewed
CVE-2023-28871 was published Dec 9, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents... Moderate Unreviewed
CVE-2023-28869 was published Dec 9, 2023
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete... High Unreviewed
CVE-2023-28868 was published Dec 9, 2023
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server... Moderate Unreviewed
CVE-2023-39246 was published Nov 16, 2023
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to... High Unreviewed
CVE-2023-43590 was published Nov 15, 2023
Froxlor Improper Input Validation vulnerability Critical
CVE-2023-6069 was published for froxlor/froxlor (Composer) Nov 10, 2023
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary... High Unreviewed
CVE-2020-28407 was published Nov 3, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability Low
CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) Oct 28, 2023
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video... High Unreviewed
CVE-2018-17559 was published Oct 27, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2023-42844 was published Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read Moderate
CVE-2023-46655 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion High
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside... High Unreviewed
CVE-2023-28797 was published Oct 23, 2023
1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged... High Unreviewed
CVE-2023-45159 was published Oct 5, 2023
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Moderate Unreviewed
CVE-2023-41968 was published Sep 27, 2023
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux... High Unreviewed
CVE-2023-32182 was published Sep 19, 2023
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-32163 was published Sep 6, 2023
ProTip! Advisories are also available from the GraphQL API