Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Apptainer ineffectively applies selinux and apparmor --security options Moderate
CVE-2025-65105 was published for github.com/apptainer/apptainer (Go) Dec 2, 2025
dtrudg
Credited to dtrudg
Singluarity ineffectively applies selinux / apparmor LSM process labels Moderate
CVE-2025-64750 was published for github.com/sylabs/singularity/v4 (Go) Dec 2, 2025
SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4... Moderate Unreviewed
CVE-2025-43991 was published Oct 13, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package... Moderate Unreviewed
CVE-2025-53881 was published Oct 2, 2025
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown woodruffw
charliermarsh zanieb
Credited to calebbrown, woodruffw, charliermarsh, and zanieb
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00
Credited to Mahmoud0x00
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2,... Moderate Unreviewed
CVE-2025-5468 was published Aug 12, 2025
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR... Moderate Unreviewed
CVE-2025-30485 was published Apr 3, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling.... Moderate Unreviewed
CVE-2025-24832 was published Feb 28, 2025
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an... Moderate Unreviewed
CVE-2024-45418 was published Feb 25, 2025
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low... Moderate Unreviewed
CVE-2024-52542 was published Dec 17, 2024
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability.... Moderate Unreviewed
CVE-2024-52537 was published Dec 11, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated... Moderate Unreviewed
CVE-2023-20093 was published Nov 15, 2024
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated... Moderate Unreviewed
CVE-2023-20092 was published Nov 15, 2024
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated,... Moderate Unreviewed
CVE-2023-20091 was published Nov 15, 2024
Arbitrary file overwrite during recovery due to improper soft link handling. The following... Moderate Unreviewed
CVE-2024-34014 was published Nov 11, 2024
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a... Moderate Unreviewed
CVE-2024-0134 was published Nov 5, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc cmaglie
Credited to buglloc and cmaglie
runc can be confused to create empty files/directories on the host Moderate
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
Credited to rata, alban, cyphar, and sdowell
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink)... Moderate Unreviewed
CVE-2024-39578 was published Aug 31, 2024
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
Credited to steverep
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-27872 was published Jul 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database