GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,175 advisories
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0...
Critical, Unreviewed. CVE-2025-11462 was published Oct 7, 2025

Improper link resolution before file access ('link following') in XBox Gaming Services allows an...
High, Unreviewed. CVE-2025-59281 was published Oct 14, 2025

Improper link resolution before file access ('link following') in Windows Health and Optimized...
High, Unreviewed. CVE-2025-59241 was published Oct 14, 2025

Improper link resolution before file access ('link following') in .NET allows an authorized...
High, Unreviewed. CVE-2025-55247 was published Oct 14, 2025

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities...
High, Unreviewed. CVE-2024-13944 was published May 9, 2025

A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This...
High, Unreviewed. CVE-2025-9968 was published Oct 13, 2025

7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Low, Unreviewed. CVE-2025-55188 was published Aug 8, 2025

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This...
Low, Unreviewed. CVE-2025-11489 was published Oct 8, 2025

Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link...
High, Unreviewed. CVE-2025-52837 was published Jul 10, 2025

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook
High. CVE-2025-23267 was published for github.com/NVIDIA/gpu-operator (Go) Jul 17, 2025

pip's fallback tar extraction doesn't check symbolic links point to extraction directory
Moderate. CVE-2025-8869 was published for pip (pip) Sep 24, 2025

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in...
Moderate, Unreviewed. CVE-2025-41421 was published Oct 1, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (Windows client...
High, Unreviewed. CVE-2025-34194 was published Sep 19, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and...
High, Unreviewed. CVE-2025-34191 was published Sep 19, 2025

A link following vulnerability has been reported to affect several QNAP operating system versions...
High, Unreviewed. CVE-2024-53691 was published Dec 6, 2024

Improper link resolution before file access ('link following') in Windows Update Service allows...
High, Unreviewed. CVE-2025-48799 was published Jul 8, 2025

Improper link resolution before file access ('link following') in Xbox allows an authorized...
High, Unreviewed. CVE-2025-55245 was published Sep 9, 2025

Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU)...
High, Unreviewed. CVE-2025-55317 was published Sep 9, 2025

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a...
High, Unreviewed. CVE-2025-49157 was published Jun 17, 2025

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local...
High, Unreviewed. CVE-2025-49156 was published Jun 17, 2025

Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link...
Moderate, Unreviewed. CVE-2025-43726 was published Sep 2, 2025

HashiCorp go-getter Vulnerable to Symlink Attacks
High. CVE-2025-8959 was published for github.com/hashicorp/go-getter (Go) Aug 15, 2025

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
Moderate, Unreviewed. CVE-2024-54554 was published Aug 29, 2025

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise...
High, Unreviewed. CVE-2024-10007 was published Nov 7, 2024

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate. CVE-2025-57749 was published for n8n (npm) Aug 20, 2025