GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories:
All unreviewed: 5,000+
43 advisories (24 shown on this page), all rated Moderate:

- pip's fallback tar extraction doesn't check symbolic links point to extraction directory. CVE-2025-8869, published for pip (pip) on Sep 24, 2025.
- n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files. CVE-2025-57749, published for n8n (npm) on Aug 20, 2025.
- Script Injection in Show In Browser gem. CVE-2013-2105, published for show_in_browser (RubyGems) on Oct 24, 2017.
- Link Following in github.com/containers/common. CVE-2024-9341, published for github.com/containers/common (Go) on Oct 1, 2024.
- runc AppArmor bypass with symlinked /proc. CVE-2023-28642, published for github.com/opencontainers/runc (Go) on Mar 30, 2023.
- Podman affected by CVE-2024-1753 container escape at build time. CVE-2024-1753, published for github.com/containers/podman/v4 (Go) on Mar 28, 2024.
- Virtualenv Allows Symlink Attack on /tmp/. CVE-2011-4617, published for virtualenv (pip) on May 17, 2022.
- Improper Link Resolution Before File Access in Suds. CVE-2013-2217, published for suds (pip) on May 14, 2022.
- Improper Link Resolution Before File Access in pip. CVE-2013-1888, published for pip (pip) on May 13, 2022.
- Mercurial Path Traversal/Link Following vulnerability. CVE-2019-3902, published for mercurial (pip) on Feb 15, 2022.
- Openstack DBaaS (Trove) Improper Link Resolution Before File Access. CVE-2015-3156, published for trove (pip) on May 17, 2022.
- instack-undercloud vulnerable to symlink attack on tmp files. CVE-2017-7549, published for instack-undercloud (pip) on May 13, 2022.
- Moodle vulnerable to symlink attack. CVE-2008-5153, published for moodle/moodle (Composer) on May 17, 2022.
- ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack. CVE-2010-4338, published for ocrodjvu (pip) on May 17, 2022.
- Buildah (as part of Podman) vulnerable to Link Following. CVE-2022-4122, published for github.com/containers/podman/v4 (Go) on Dec 8, 2022.
- Typo3 Open Redirect In Frontend Rendering. CVE-2014-9508, published for typo3/cms (Composer) on May 17, 2022.
- Puppet allows local users to modify the permissions of arbitrary files. CVE-2011-3870, published for puppet (RubyGems) on May 14, 2022.
- Puppet arbitrary file overwrite. CVE-2011-3869, published for puppet (RubyGems) on May 14, 2022.
- Fabric vulnerable to symlink attack on tmp files. CVE-2011-2185, published for fabric (pip) on May 17, 2022.
- Arbitrary file read vulnerability in workspace browsers in Jenkins. CVE-2021-21602, published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022.
- Jenkins CloudBees CD Plugin vulnerable to arbitrary file read. CVE-2023-46655, published for org.jenkins-ci.plugins:electricflow (Maven) on Oct 25, 2023.
- Ghost vulnerable to arbitrary file read via symlinks in content import. CVE-2023-40028, published for ghost (npm) on Aug 15, 2023.
- keycloak-httpd-client-install symlink attack vulnerability. CVE-2017-15111, published for keycloak-httpd-client-install (pip) on May 14, 2022.
- Podman Symlink Vulnerability. CVE-2019-18466, published for github.com/containers/podman/v4 (Go) on May 24, 2022.
Advisories are also available from the GraphQL API.