Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

55 advisories

Loading
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated,... Moderate Unreviewed
CVE-2023-20091 was published Nov 15, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated... Moderate Unreviewed
CVE-2023-20093 was published Nov 15, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2024-23285 was published Mar 8, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia... High Unreviewed
CVE-2024-44132 was published Sep 17, 2024
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. Critical Unreviewed
CVE-2024-54661 was published Dec 4, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink)... Moderate Unreviewed
CVE-2024-25952 was published Mar 28, 2024
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink)... Moderate Unreviewed
CVE-2024-25953 was published Mar 28, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs... High Unreviewed
CVE-2024-52535 was published Dec 25, 2024
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution... High Unreviewed
CVE-2024-47480 was published Dec 18, 2024
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability.... Moderate Unreviewed
CVE-2024-52537 was published Dec 11, 2024
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low... Moderate Unreviewed
CVE-2024-52542 was published Dec 17, 2024
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of... High Unreviewed
CVE-2024-47515 was published Dec 24, 2024
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack... High Unreviewed
CVE-2025-22480 was published Feb 13, 2025
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
runc can be confused to create empty files/directories on the host Moderate
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob KateCatlin
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling.... Moderate Unreviewed
CVE-2025-24832 was published Feb 28, 2025
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an... Moderate Unreviewed
CVE-2024-45418 was published Feb 25, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-27872 was published Jul 30, 2024
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write High
CVE-2025-29787 was published for zip (Rust) Mar 17, 2025
eternal-flame-AD Pr0methean
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR... Moderate Unreviewed
CVE-2025-30485 was published Apr 3, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows... Critical Unreviewed
CVE-2025-23394 was published May 26, 2025
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution... High Unreviewed
CVE-2025-36564 was published Jun 3, 2025
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's... High Unreviewed
CVE-2025-1079 was published May 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database