GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,558
Maven
5,000+
npm
4,232
NuGet
751
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Low
CVE-2025-54798
was published
for
tmp
(npm)
Aug 6, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling
High
CVE-2025-53109
was published
for
@modelcontextprotocol/server-filesystem
(npm)
Jul 1, 2025
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High
CVE-2021-39135
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
Arbitrary File Overwrite in fstream
High
CVE-2019-13173
was published
for
fstream
(npm)
May 30, 2019
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
Arbitrary File Read in Snyk Broker
Moderate
CVE-2020-7653
was published
for
snyk-broker
(npm)
Jun 3, 2020
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
ProTip!
Advisories are also available from the
GraphQL API