Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

40 advisories

Loading
Virtualenv Allows Symlink Attack on /tmp/ Moderate
CVE-2011-4617 was published for virtualenv (pip) May 17, 2022
Link Following in github.com/containers/common Moderate
CVE-2024-9341 was published for github.com/containers/common (Go) Oct 1, 2024
Improper Link Resolution Before File Access in Suds Moderate
CVE-2013-2217 was published for suds (pip) May 14, 2022
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
Improper Link Resolution Before File Access in pip Moderate
CVE-2013-1888 was published for pip (pip) May 13, 2022
Mercurial Path Traversal/Link Following vulnerability Moderate
CVE-2019-3902 was published for mercurial (pip) Feb 15, 2022
Openstack DBaaS (Trove) Improper Link Resolution Before File Access Moderate
CVE-2015-3156 was published for trove (pip) May 17, 2022
instack-undercloud vulnerable to symlink attack on tmp files Moderate
CVE-2017-7549 was published for instack-undercloud (pip) May 13, 2022
Moodle vulnerable to symlink attack Moderate
CVE-2008-5153 was published for moodle/moodle (Composer) May 17, 2022
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack Moderate
CVE-2010-4338 was published for ocrodjvu (pip) May 17, 2022
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
Typo3 Open Redirect In Frontend Rendering Moderate
CVE-2014-9508 was published for typo3/cms (Composer) May 17, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
Fabric vulnerable to symlink attack on tmp files Moderate
CVE-2011-2185 was published for fabric (pip) May 17, 2022
Arbitrary file read vulnerability in workspace browsers in Jenkins Moderate
CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read Moderate
CVE-2023-46655 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Script Injection in Show In Browser gem Moderate
CVE-2013-2105 was published for show_in_browser (RubyGems) Oct 24, 2017
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
keycloak-httpd-client-install symlink attack vulnerability Moderate
CVE-2017-15111 was published for keycloak-httpd-client-install (pip) May 14, 2022
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
Kubernetes kubectl cp Vulnerable to Symlink Attack Moderate
CVE-2019-11251 was published for k8s.io/kubernetes (Go) May 18, 2021
Symlink Attack in kubectl cp Moderate
CVE-2019-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
eyeD3 is vulnerable to arbitrary file modification via symlink attack Moderate
CVE-2014-1934 was published for eyeD3 (pip) May 14, 2022
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
ProTip! Advisories are also available from the GraphQL API