Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

171 advisories

Loading
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function... Low Unreviewed
CVE-2026-8784 was published May 18, 2026
ciguard: discover_pipeline_files follows symlinks out of scan root Low
CVE-2026-44220 was published for ciguard (pip) May 5, 2026
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function... Low Unreviewed
CVE-2026-7397 was published Apr 29, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... Low Unreviewed
CVE-2025-43395 was published Nov 4, 2025
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This... Low Unreviewed
CVE-2025-11489 was published Oct 8, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Low Unreviewed
CVE-2025-55188 was published Aug 8, 2025
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera Credited to dellalibera
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an... Low Unreviewed
CVE-2025-0146 was published Jan 30, 2025
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability Low
CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) Oct 28, 2023
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary... Low Unreviewed
CVE-2023-24572 was published Feb 13, 2023
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete... Low Unreviewed
CVE-2023-23697 was published Feb 13, 2023
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
emilyalbini Credited to emilyalbini and litios litios litios
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential... Low Unreviewed
CVE-2021-21740 was published May 24, 2022
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform... Low Unreviewed
CVE-2021-23239 was published May 24, 2022
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application... Low Unreviewed
CVE-2020-16851 was published May 24, 2022
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application... Low Unreviewed
CVE-2020-16853 was published May 24, 2022
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run... Low Unreviewed
CVE-2020-14367 was published May 24, 2022
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory... Low Unreviewed
CVE-2020-6012 was published May 24, 2022
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local... Low Unreviewed
CVE-2020-7282 was published May 24, 2022
Apport creates a world writable lock file with root ownership in the world writable /var/lock... Low Unreviewed
CVE-2020-8831 was published May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server... Low Unreviewed
CVE-2020-8013 was published May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb... Low Unreviewed
CVE-2019-18901 was published May 24, 2022
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability.... Low Unreviewed
CVE-2020-5324 was published May 24, 2022
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary... Low Unreviewed
CVE-2013-0200 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database