GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+

1,188 advisories

7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Low | Unreviewed | CVE-2025-55188 was published Aug 8, 2025

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Low | CVE-2025-54798 was published for tmp (npm) Aug 6, 2025

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an...
High | Unreviewed | CVE-2025-36611 was published Jul 30, 2025

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in...
Moderate | Unreviewed | CVE-2025-43252 was published Jul 30, 2025

This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7...
Critical | Unreviewed | CVE-2025-43220 was published Jul 30, 2025

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook
High | CVE-2025-23267 was published for github.com/NVIDIA/gpu-operator (Go) Jul 17, 2025

An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to...
High | Unreviewed | CVE-2025-7012 was published Jul 13, 2025

Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link...
High | Unreviewed | CVE-2025-52837 was published Jul 10, 2025

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an...
High | Unreviewed | CVE-2025-49738 was published Jul 8, 2025

Improper link resolution before file access ('link following') in Visual Studio allows an...
High | Unreviewed | CVE-2025-49739 was published Jul 8, 2025

Improper link resolution before file access ('link following') in Windows AppX Deployment Service...
High | Unreviewed | CVE-2025-48820 was published Jul 8, 2025

Improper link resolution before file access ('link following') in Windows Performance Recorder...
High | Unreviewed | CVE-2025-49680 was published Jul 8, 2025

Improper link resolution before file access ('link following') in Windows Update Service allows...
High | Unreviewed | CVE-2025-48799 was published Jul 8, 2025

Improper link resolution before file access ('link following') in Service Fabric allows an...
Moderate | Unreviewed | CVE-2025-21195 was published Jul 8, 2025

A low privileged remote attacker with file access can replace a critical file used by the arp...
High | Unreviewed | CVE-2025-41667 was published Jul 8, 2025

A low privileged remote attacker with file access can replace a critical file or folder used by...
High | Unreviewed | CVE-2025-41668 was published Jul 8, 2025

A low privileged remote attacker with file access can replace a critical file used by the...
High | Unreviewed | CVE-2025-41666 was published Jul 8, 2025

@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling
High | CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an...
High | Unreviewed | CVE-2025-3771 was published Jun 26, 2025

Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh...
Critical | Unreviewed | CVE-2025-52936 was published Jun 23, 2025

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local...
Moderate | Unreviewed | CVE-2025-30642 was published Jun 17, 2025

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local...
High | Unreviewed | CVE-2025-30640 was published Jun 17, 2025

A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security...
High | Unreviewed | CVE-2025-30641 was published Jun 17, 2025

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local...
High | Unreviewed | CVE-2025-49156 was published Jun 17, 2025

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a...
High | Unreviewed | CVE-2025-49157 was published Jun 17, 2025

ProTip! Advisories are also available from the GraphQL API.