Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,840
Erlang
36
GitHub Actions
33
Go
2,464
Maven
5,000+
npm
4,082
NuGet
723
pip
3,880
Pub
12
RubyGems
943
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,157 advisories

Loading
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2025-8612 was published Aug 20, 2025
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that... High Unreviewed
CVE-2025-5296 was published Aug 18, 2025
A potential security vulnerability has been identified in the HPAudioAnalytics service included... Moderate Unreviewed
CVE-2025-43490 was published Aug 15, 2025
HashiCorp go-getter Vulnerable to Symlink Attacks High
CVE-2025-8959 was published for github.com/hashicorp/go-getter (Go) Aug 15, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Low Unreviewed
CVE-2025-55188 was published Aug 8, 2025
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an... High Unreviewed
CVE-2025-36611 was published Jul 30, 2025
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in... Moderate Unreviewed
CVE-2025-43252 was published Jul 30, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7... Critical Unreviewed
CVE-2025-43220 was published Jul 30, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook,... High Unreviewed
CVE-2025-23267 was published Jul 17, 2025
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to... High Unreviewed
CVE-2025-7012 was published Jul 13, 2025
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an... High Unreviewed
CVE-2025-49738 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Visual Studio allows an... High Unreviewed
CVE-2025-49739 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows AppX Deployment Service... High Unreviewed
CVE-2025-48820 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows Performance Recorder... High Unreviewed
CVE-2025-49680 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Windows Update Service allows... High Unreviewed
CVE-2025-48799 was published Jul 8, 2025
Improper link resolution before file access ('link following') in Service Fabric allows an... Moderate Unreviewed
CVE-2025-21195 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file or folder used by... High Unreviewed
CVE-2025-41668 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file used by the... High Unreviewed
CVE-2025-41666 was published Jul 8, 2025
A low privileged remote attacker with file access can replace a critical file used by the arp... High Unreviewed
CVE-2025-41667 was published Jul 8, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling High
CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an... High Unreviewed
CVE-2025-3771 was published Jun 26, 2025
Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh... Critical Unreviewed
CVE-2025-52936 was published Jun 23, 2025
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local... Moderate Unreviewed
CVE-2025-30642 was published Jun 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database