GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,293
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
60 advisories
Filter by severity
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of...
High
Unreviewed
CVE-2026-39822
was published
Jul 8, 2026
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile...
Moderate
Unreviewed
CVE-2026-13218
was published
Jun 26, 2026
A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH...
Moderate
Unreviewed
CVE-2026-13201
was published
Jun 24, 2026
pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in...
High
Unreviewed
CVE-2026-56815
was published
Jun 23, 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0)...
High
Unreviewed
CVE-2026-54420
was published
Jun 14, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
Moderate
Unreviewed
CVE-2025-43278
was published
Jun 11, 2026
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload...
High
Unreviewed
CVE-2026-41937
was published
May 14, 2026
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin...
High
Unreviewed
CVE-2026-6475
was published
May 14, 2026
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing...
High
Unreviewed
CVE-2026-29203
was published
May 8, 2026
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash...
Low
Unreviewed
CVE-2026-40354
was published
Apr 11, 2026
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS...
High
Unreviewed
CVE-2026-21916
was published
Apr 10, 2026
Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following...
High
Unreviewed
CVE-2026-22767
was published
Apr 1, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and...
Moderate
Unreviewed
CVE-2026-20694
was published
Mar 25, 2026
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through...
High
Unreviewed
CVE-2026-24018
was published
Mar 10, 2026
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server...
Critical
Unreviewed
CVE-2025-68937
was published
Dec 26, 2025
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an...
High
Unreviewed
CVE-2025-33225
was published
Dec 16, 2025
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated...
High
Unreviewed
CVE-2025-66431
was published
Dec 3, 2025
SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4...
Moderate
Unreviewed
CVE-2025-43991
was published
Oct 13, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package...
Moderate
Unreviewed
CVE-2025-53881
was published
Oct 2, 2025
The txtai framework allows the loading of compressed tar files as embedding indices. While the...
High
Unreviewed
CVE-2025-10854
was published
Sep 22, 2025
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could...
High
Unreviewed
CVE-2025-55345
was published
Aug 13, 2025
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2,...
Moderate
Unreviewed
CVE-2025-5468
was published
Aug 12, 2025
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution...
High
Unreviewed
CVE-2025-36564
was published
Jun 3, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows...
Critical
Unreviewed
CVE-2025-23394
was published
May 26, 2025
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's...
High
Unreviewed
CVE-2025-1079
was published
May 12, 2025
ProTip!
Advisories are also available from the
GraphQL API