Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-62596 was published for youki (Rust) Nov 5, 2025
saku3 cyphar
Credited to saku3 and cyphar
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-52881 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
tonistiigi cyphar
lifubang OddBloke olsova
Credited to tonistiigi, cyphar, lifubang, OddBloke, and olsova
runc container escape with malicious config due to /dev/console mount and related races High
CVE-2025-52565 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 lifubang
cyphar
Credited to ssst0n3, lifubang, and cyphar
runc container escape via "masked path" abuse due to mount race conditions High
CVE-2025-31133 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 rata
kolyshkin lifubang cyphar
Credited to ssst0n3, rata, kolyshkin, lifubang, and cyphar
SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4... Moderate Unreviewed
CVE-2025-43991 was published Oct 13, 2025
Claude Code permission deny bypass through symlink Low
CVE-2025-59829 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package... Moderate Unreviewed
CVE-2025-53881 was published Oct 2, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
lukaselmer cai0duque
Credited to lukaselmer and cai0duque
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown woodruffw
charliermarsh zanieb
Credited to calebbrown, woodruffw, charliermarsh, and zanieb
The txtai framework allows the loading of compressed tar files as embedding indices. While the... High Unreviewed
CVE-2025-10854 was published Sep 22, 2025
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
Credited to Luap99
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00
Credited to Mahmoud0x00
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. High
CVE-2025-54867 was published for youki (Rust) Aug 14, 2025
saku3 utam0k
Credited to saku3 and utam0k
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could... High Unreviewed
CVE-2025-55345 was published Aug 13, 2025
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2,... Moderate Unreviewed
CVE-2025-5468 was published Aug 12, 2025
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution... High Unreviewed
CVE-2025-36564 was published Jun 3, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows... Critical Unreviewed
CVE-2025-23394 was published May 26, 2025
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's... High Unreviewed
CVE-2025-1079 was published May 12, 2025
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR... Moderate Unreviewed
CVE-2025-30485 was published Apr 3, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write High
CVE-2025-29787 was published for zip (Rust) Mar 17, 2025
eternal-flame-AD Pr0methean
Credited to eternal-flame-AD and Pr0methean
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling.... Moderate Unreviewed
CVE-2025-24832 was published Feb 28, 2025
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an... Moderate Unreviewed
CVE-2024-45418 was published Feb 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database