Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,163 advisories

Loading
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an... High Unreviewed
CVE-2025-3771 was published Jun 26, 2025
The CloudStack management server and secondary storage VM could be tricked into making requests... High Unreviewed
CVE-2024-29007 was published Apr 4, 2024
A privilege escalation vulnerability exists in the virtual machine archive restoration... High Unreviewed
CVE-2024-36486 was published Jun 3, 2025
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop... High Unreviewed
CVE-2024-52561 was published Jun 3, 2025
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop... High Unreviewed
CVE-2024-54189 was published Jun 3, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling High
CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
A low privileged remote attacker with file access can replace a critical file used by the... High Unreviewed
CVE-2025-41666 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file or folder used by... High Unreviewed
CVE-2025-41668 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file used by the arp... High Unreviewed
CVE-2025-41667 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows Performance Recorder... High Unreviewed
CVE-2025-49680 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Service Fabric allows an... Moderate Unreviewed
CVE-2025-21195 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows Update Service allows... High Unreviewed
CVE-2025-48799 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows AppX Deployment Service... High Unreviewed
CVE-2025-48820 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an... High Unreviewed
CVE-2025-49738 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Visual Studio allows an... High Unreviewed
CVE-2025-49739 was published Jul 8, 2025
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to... High Unreviewed
CVE-2025-7012 was published Jul 13, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook,... High Unreviewed
CVE-2025-23267 was published Jul 17, 2025
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's... High Unreviewed
CVE-2025-1079 was published May 12, 2025
Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an... High Unreviewed
CVE-2025-36611 was published Jul 30, 2025
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in... Moderate Unreviewed
CVE-2025-43252 was published Jul 30, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7... Critical Unreviewed
CVE-2025-43220 was published Jul 30, 2025
_is_safe in the File::Temp module for Perl does not properly handle symlinks. Moderate Unreviewed
CVE-2011-4116 was published Apr 22, 2022
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the... Moderate Unreviewed
CVE-2025-0913 was published Jun 11, 2025
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-42125 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database