GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,349 advisories
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to...
High | Unreviewed | CVE-2026-11322 was published Jun 5, 2026
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows...
High | Unreviewed | CVE-2026-49135 was published Jun 1, 2026
A Dag author could either (a) create a symlink under their task's log directory pointing to an...
Moderate | Unreviewed | CVE-2026-40861 was published Jun 1, 2026
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Moderate | CVE-2026-47121 was published for github.com/sparkle-project/Sparkle (Swift) May 29, 2026
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
High | CVE-2026-41236 was published for froxlor/froxlor (Composer) May 29, 2026
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8...
Moderate | Unreviewed | CVE-2026-6891 was published May 29, 2026
Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may...
Moderate | Unreviewed | CVE-2026-6892 was published May 29, 2026
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace...
High | Unreviewed | CVE-2026-9804 was published May 28, 2026
Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit...
High | Unreviewed | CVE-2026-48921 was published May 27, 2026
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via...
Moderate | Unreviewed | CVE-2026-48693 was published May 26, 2026
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated...
Critical | Unreviewed | CVE-2026-7374 was published May 26, 2026
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets...
Critical | Unreviewed | CVE-2026-42496 was published May 26, 2026
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside...
High | Unreviewed | CVE-2026-42497 was published May 26, 2026
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local...
High | Unreviewed | CVE-2025-71212 was published May 21, 2026
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote...
High | Unreviewed | CVE-2026-44051 was published May 21, 2026
Improper link resolution before file access ('link following') in Azure Portal Windows Admin...
High | Unreviewed | CVE-2026-42834 was published May 20, 2026
Improper link resolution before file access ('link following') in Microsoft Defender allows an...
High | Unreviewed | CVE-2026-41091 was published May 20, 2026
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...
High | Unreviewed | CVE-2026-43619 was published May 20, 2026
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell...
Moderate | Unreviewed | CVE-2026-34883 was published May 19, 2026
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
High | CVE-2026-45539 was published for apm (pip) May 18, 2026
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function...
Low | Unreviewed | CVE-2026-8784 was published May 18, 2026
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
High | CVE-2026-44881 was published for github.com/portainer/portainer (Go) May 14, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a...
High | Unreviewed | CVE-2025-27850 was published May 13, 2026
HashiCorp Nomad vulnerable to symlink attack
Moderate | CVE-2026-6959 was published for github.com/hashicorp/nomad (Go) May 12, 2026
HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack
Moderate | CVE-2026-8052 was published for github.com/hashicorp/nomad-driver-exec2 (Go) May 12, 2026