Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,163 advisories

Loading
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU)... High Unreviewed
CVE-2025-55317 was published Sep 9, 2025
Improper link resolution before file access ('link following') in Xbox allows an authorized... High Unreviewed
CVE-2025-55245 was published Sep 9, 2025
Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link... Moderate Unreviewed
CVE-2025-43726 was published Sep 2, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2024-54554 was published Aug 29, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2025-8612 was published Aug 20, 2025
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that... High Unreviewed
CVE-2025-5296 was published Aug 18, 2025
HashiCorp go-getter Vulnerable to Symlink Attacks High
CVE-2025-8959 was published for github.com/hashicorp/go-getter (Go) Aug 15, 2025
A potential security vulnerability has been identified in the HPAudioAnalytics service included... Moderate Unreviewed
CVE-2025-43490 was published Aug 15, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Low Unreviewed
CVE-2025-55188 was published Aug 8, 2025
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an... High Unreviewed
CVE-2025-36611 was published Jul 30, 2025
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in... Moderate Unreviewed
CVE-2025-43252 was published Jul 30, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7... Critical Unreviewed
CVE-2025-43220 was published Jul 30, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook,... High Unreviewed
CVE-2025-23267 was published Jul 17, 2025
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to... High Unreviewed
CVE-2025-7012 was published Jul 13, 2025
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an... High Unreviewed
CVE-2025-49738 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Visual Studio allows an... High Unreviewed
CVE-2025-49739 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows AppX Deployment Service... High Unreviewed
CVE-2025-48820 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows Performance Recorder... High Unreviewed
CVE-2025-49680 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows Update Service allows... High Unreviewed
CVE-2025-48799 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Service Fabric allows an... Moderate Unreviewed
CVE-2025-21195 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file used by the... High Unreviewed
CVE-2025-41666 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file or folder used by... High Unreviewed
CVE-2025-41668 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file used by the arp... High Unreviewed
CVE-2025-41667 was published Jul 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database