GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,401 advisories
Filter by severity
Improper link resolution before file access ('link following') in Winlogon allows an authorized...
High
Unreviewed
CVE-2026-42989
was published
Jun 9, 2026
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File...
Moderate
Unreviewed
CVE-2026-28262
was published
Jun 9, 2026
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to...
High
Unreviewed
CVE-2026-11322
was published
Jun 5, 2026
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows...
High
Unreviewed
CVE-2026-49135
was published
Jun 1, 2026
A Dag author could either (a) create a symlink under their task's log directory pointing to an...
Moderate
Unreviewed
CVE-2026-40861
was published
Jun 1, 2026
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Moderate
CVE-2026-47121
was published
for
github.com/sparkle-project/Sparkle
(Swift)
May 29, 2026
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
High
CVE-2026-41236
was published
for
froxlor/froxlor
(Composer)
May 29, 2026
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8...
Moderate
Unreviewed
CVE-2026-6891
was published
May 29, 2026
Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may...
Moderate
Unreviewed
CVE-2026-6892
was published
May 29, 2026
KubeVirt has a Link Following issue
High
CVE-2026-9804
was published
for
kubevirt.io/kubevirt
(Go)
May 28, 2026
Jenkins Pipeline: Groovy Libraries Plugin does not prohibit symbolic links in shared libraries
High
CVE-2026-48921
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
May 27, 2026
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via...
Moderate
Unreviewed
CVE-2026-48693
was published
May 26, 2026
KubeVirt has a Link Following vulnerability
Critical
CVE-2026-7374
was published
for
kubevirt.io/kubevirt
(Go)
May 26, 2026
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets...
Critical
Unreviewed
CVE-2026-42496
was published
May 26, 2026
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside...
High
Unreviewed
CVE-2026-42497
was published
May 26, 2026
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local...
High
Unreviewed
CVE-2025-71212
was published
May 21, 2026
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote...
High
Unreviewed
CVE-2026-44051
was published
May 21, 2026
Improper link resolution before file access ('link following') in Azure Portal Windows Admin...
High
Unreviewed
CVE-2026-42834
was published
May 20, 2026
Improper link resolution before file access ('link following') in Microsoft Defender allows an...
High
Unreviewed
CVE-2026-41091
was published
May 20, 2026
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...
High
Unreviewed
CVE-2026-43619
was published
May 20, 2026
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell...
Moderate
Unreviewed
CVE-2026-34883
was published
May 19, 2026
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
High
CVE-2026-45539
was published
for
apm
(pip)
May 18, 2026
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function...
Low
Unreviewed
CVE-2026-8784
was published
May 18, 2026
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
High
CVE-2026-44881
was published
for
github.com/portainer/portainer
(Go)
May 14, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a...
High
Unreviewed
CVE-2025-27850
was published
May 13, 2026
ProTip!
Advisories are also available from the
GraphQL API