GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,201 advisories
Arbitrary File Overwrite in fstream
High | CVE-2019-13173 was published for fstream (npm) May 30, 2019

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack...
High | Unreviewed | CVE-2025-22480 was published Feb 13, 2025

UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High | CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows...
Moderate | Unreviewed | CVE-2023-27850 was published Mar 10, 2023

Microsoft Office Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2023-33148 was published Jul 11, 2023

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an...
Moderate | Unreviewed | CVE-2024-45418 was published Feb 25, 2025

A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow...
High | Unreviewed | CVE-2023-25145 was published Mar 10, 2023

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a...
High | Unreviewed | CVE-2023-25146 was published Mar 10, 2023

A security agent link following vulnerability in Trend Micro Apex One could allow a local...
High | Unreviewed | CVE-2023-25148 was published Mar 10, 2023

Improper link resolution before file access ('link following') in Microsoft Windows allows an...
High | Unreviewed | CVE-2025-25008 was published Mar 11, 2025

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based)...
High | Unreviewed | CVE-2025-29795 was published Mar 23, 2025

uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to...
High | Unreviewed | CVE-2020-36657 was published Jan 26, 2023

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
Moderate | Unreviewed | CVE-1999-0794 was published Apr 30, 2022

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client...
Moderate | Unreviewed | CVE-1999-0981 was published Apr 30, 2022

Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors...
High | Unreviewed | CVE-2002-2374 was published Apr 30, 2022

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations,...
Moderate | Unreviewed | CVE-2004-0689 was published Apr 29, 2022

Improper link resolution before file access ('link following') in Windows Installer allows an...
High | Unreviewed | CVE-2025-27727 was published Apr 8, 2025

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir...
Moderate | Unreviewed | CVE-2007-4652 was published May 1, 2022

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary...
Moderate | Unreviewed | CVE-2008-1694 was published May 1, 2022

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to...
Moderate | Unreviewed | CVE-2008-2052 was published May 1, 2022

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files...
Low | Unreviewed | CVE-2008-1569 was published May 1, 2022

inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary...
Moderate | Unreviewed | CVE-2008-1684 was published May 1, 2022

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote...
High | Unreviewed | CVE-2008-2311 was published May 1, 2022

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of...
High | Unreviewed | CVE-2008-4694 was published May 17, 2022

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall...
Moderate | Unreviewed | CVE-2025-23010 was published Apr 10, 2025