GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+
1,175 advisories
Filter by severity
Improper link resolution before file access ('link following') in XBox Gaming Services allows an...
High
Unreviewed
CVE-2025-59281
was published
Oct 14, 2025
Improper link resolution before file access ('link following') in Windows Health and Optimized...
High
Unreviewed
CVE-2025-59241
was published
Oct 14, 2025
Improper link resolution before file access ('link following') in .NET allows an authorized...
High
Unreviewed
CVE-2025-55247
was published
Oct 14, 2025
A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This...
High
Unreviewed
CVE-2025-9968
was published
Oct 13, 2025
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This...
Low
Unreviewed
CVE-2025-11489
was published
Oct 8, 2025
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0...
Critical
Unreviewed
CVE-2025-11462
was published
Oct 7, 2025
Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in...
Moderate
Unreviewed
CVE-2025-41421
was published
Oct 1, 2025
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
Moderate
CVE-2025-8869
was published
for
pip
(pip)
Sep 24, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (Windows client...
High
Unreviewed
CVE-2025-34194
was published
Sep 19, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and...
High
Unreviewed
CVE-2025-34191
was published
Sep 19, 2025
Improper link resolution before file access ('link following') in Xbox allows an authorized...
High
Unreviewed
CVE-2025-55245
was published
Sep 9, 2025
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU)...
High
Unreviewed
CVE-2025-55317
was published
Sep 9, 2025
Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link...
Moderate
Unreviewed
CVE-2025-43726
was published
Sep 2, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
Moderate
Unreviewed
CVE-2024-54554
was published
Aug 29, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2025-8612
was published
Aug 20, 2025
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that...
High
Unreviewed
CVE-2025-5296
was published
Aug 18, 2025
HashiCorp go-getter Vulnerable to Symlink Attacks
High
CVE-2025-8959
was published
for
github.com/hashicorp/go-getter
(Go)
Aug 15, 2025
A potential security vulnerability has been identified in the HPAudioAnalytics service included...
Moderate
Unreviewed
CVE-2025-43490
was published
Aug 15, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Low
Unreviewed
CVE-2025-55188
was published
Aug 8, 2025
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Low
CVE-2025-54798
was published
for
tmp
(npm)
Aug 6, 2025
Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an...
High
Unreviewed
CVE-2025-36611
was published
Jul 30, 2025
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in...
Moderate
Unreviewed
CVE-2025-43252
was published
Jul 30, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7...
Critical
Unreviewed
CVE-2025-43220
was published
Jul 30, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook
High
CVE-2025-23267
was published
for
github.com/NVIDIA/gpu-operator
(Go)
Jul 17, 2025
ProTip!
Advisories are also available from the
GraphQL API