GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
124 advisories
Filter by severity
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.
High
CVE-2025-54867
was published
for
youki
(Rust)
Aug 14, 2025
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could...
High
Unreviewed
CVE-2025-55345
was published
Aug 13, 2025
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2,...
Moderate
Unreviewed
CVE-2025-5468
was published
Aug 12, 2025
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's...
High
Unreviewed
CVE-2025-1079
was published
May 12, 2025
In aiohttp, compressed files as symlinks are not protected from path traversal
Moderate
CVE-2024-42367
was published
for
aiohttp
(pip)
Aug 9, 2024
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows...
Critical
Unreviewed
CVE-2025-23394
was published
May 26, 2025
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR...
Moderate
Unreviewed
CVE-2025-30485
was published
Apr 3, 2025
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
High
CVE-2025-29787
was published
for
zip
(Rust)
Mar 17, 2025
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an...
Moderate
Unreviewed
CVE-2024-45418
was published
Feb 25, 2025
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling....
Moderate
Unreviewed
CVE-2025-24832
was published
Feb 28, 2025
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High
CVE-2021-39135
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
runc can be confused to create empty files/directories on the host
Moderate
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
Insecure Temporary File usage in github.com/golang/glog
Moderate
CVE-2024-45339
was published
for
github.com/golang/glog
(Go)
Jan 28, 2025
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack...
High
Unreviewed
CVE-2025-22480
was published
Feb 13, 2025
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of...
High
Unreviewed
CVE-2024-47515
was published
Dec 24, 2024
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low...
Moderate
Unreviewed
CVE-2024-52542
was published
Dec 17, 2024
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability....
Moderate
Unreviewed
CVE-2024-52537
was published
Dec 11, 2024
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution...
High
Unreviewed
CVE-2024-47480
was published
Dec 18, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs...
High
Unreviewed
CVE-2024-52535
was published
Dec 25, 2024
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink)...
Moderate
Unreviewed
CVE-2024-25953
was published
Mar 28, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink)...
Moderate
Unreviewed
CVE-2024-25952
was published
Mar 28, 2024
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
Critical
Unreviewed
CVE-2024-54661
was published
Dec 4, 2024
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated,...
Moderate
Unreviewed
CVE-2023-20091
was published
Nov 15, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated...
Moderate
Unreviewed
CVE-2023-20093
was published
Nov 15, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated...
Moderate
Unreviewed
CVE-2023-20092
was published
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API