Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0... Critical Unreviewed
CVE-2025-11462 was published Oct 7, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7... Critical Unreviewed
CVE-2025-43220 was published Jul 30, 2025
Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh... Critical Unreviewed
CVE-2025-52936 was published Jun 23, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-30457 was published Apr 1, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24278 was published Apr 1, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia... Critical Unreviewed
CVE-2025-24242 was published Apr 1, 2025
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack... Critical Unreviewed
CVE-2024-37143 was published Dec 10, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
Froxlor Improper Input Validation vulnerability Critical
CVE-2023-6069 was published for froxlor/froxlor (Composer) Nov 10, 2023
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for... Critical Unreviewed
CVE-2023-39107 was published Aug 4, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system Critical
CVE-2023-25168 was published for github.com/pterodactyl/wings (Go) Feb 10, 2023
T4x0r
Credited to T4x0r
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code... Critical Unreviewed
CVE-2021-3942 was published Dec 12, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission... Critical Unreviewed
CVE-2022-23144 was published Sep 25, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed
CVE-2022-34960 was published Aug 26, 2022
ZipSlip vulnerability in bblfshd Critical Unreviewed
CVE-2021-32825 was published May 24, 2022
Helm Unsafe Link Following Critical
CVE-2019-18658 was published for helm.sh/helm (Go) May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21686 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
Credited to NotMyFault and westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21691 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21695 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to... Critical Unreviewed
CVE-2021-38570 was published May 24, 2022
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2... Critical Unreviewed
CVE-2020-25989 was published May 24, 2022
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed... Critical Unreviewed
CVE-2018-5225 was published May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability Critical
CVE-2018-12026 was published for passenger (RubyGems) May 14, 2022
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4... Critical Unreviewed
CVE-2017-1002101 was published May 13, 2022
Insecure Temporary File in SWHKD Critical
CVE-2022-27815 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022
Shinyzenith
Credited to Shinyzenith
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database