GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
506 advisories
Filter by severity
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver...
High
Unreviewed
CVE-2026-14891
was published
Jul 8, 2026
AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and...
High
Unreviewed
CVE-2026-14904
was published
Jul 7, 2026
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based)...
High
Unreviewed
CVE-2026-57991
was published
Jul 3, 2026
Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution...
High
Unreviewed
CVE-2026-41121
was published
Jul 1, 2026
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based...
High
Unreviewed
CVE-2026-54369
was published
Jun 29, 2026
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr...
High
Unreviewed
CVE-2026-54371
was published
Jun 29, 2026
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows...
High
Unreviewed
CVE-2026-35025
was published
Jun 24, 2026
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution...
High
Unreviewed
CVE-2026-44274
was published
Jun 22, 2026
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
High
Unreviewed
CVE-2026-50656
was published
Jun 16, 2026
A symlink following vulnerability was found in the ABRT post-create event handler scripts in...
High
Unreviewed
CVE-2026-54230
was published
Jun 13, 2026
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module....
High
Unreviewed
CVE-2026-11837
was published
Jun 10, 2026
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an...
High
Unreviewed
CVE-2026-50511
was published
Jun 9, 2026
Improper link resolution before file access ('link following') in Windows Collaborative...
High
Unreviewed
CVE-2026-45586
was published
Jun 9, 2026
Improper link resolution before file access ('link following') in Winlogon allows an authorized...
High
Unreviewed
CVE-2026-42989
was published
Jun 9, 2026
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to...
High
Unreviewed
CVE-2026-11322
was published
Jun 5, 2026
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows...
High
Unreviewed
CVE-2026-49135
was published
Jun 1, 2026
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside...
High
Unreviewed
CVE-2026-42497
was published
May 26, 2026
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local...
High
Unreviewed
CVE-2025-71212
was published
May 21, 2026
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote...
High
Unreviewed
CVE-2026-44051
was published
May 21, 2026
Improper link resolution before file access ('link following') in Azure Portal Windows Admin...
High
Unreviewed
CVE-2026-42834
was published
May 20, 2026
Improper link resolution before file access ('link following') in Microsoft Defender allows an...
High
Unreviewed
CVE-2026-41091
was published
May 20, 2026
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...
High
Unreviewed
CVE-2026-43619
was published
May 20, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a...
High
Unreviewed
CVE-2025-27850
was published
May 13, 2026
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to...
High
Unreviewed
CVE-2021-47949
was published
May 10, 2026
In JetBrains IntelliJ IDEA before 2024.3.7.1,
2025.1.7.1,
2025.2.6.2,
2025.3.4.1,
2026.1.1...
High
Unreviewed
CVE-2026-41882
was published
Apr 30, 2026
ProTip!
Advisories are also available from the
GraphQL API