Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,247 advisories

Loading
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability.... Moderate Unreviewed
CVE-2026-2490 was published Feb 21, 2026
A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown... High Unreviewed
CVE-2026-2627 was published Feb 18, 2026
Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and... High Unreviewed
CVE-2026-26225 was published Feb 13, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe... High Unreviewed
CVE-2026-20610 was published Feb 12, 2026
A link following vulnerability has been reported to affect several QNAP operating system versions... Critical Unreviewed
CVE-2025-66277 was published Feb 11, 2026
Improper link resolution before file access ('link following') in Windows App for Mac allows an... High Unreviewed
CVE-2026-21517 was published Feb 10, 2026
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59]... High Unreviewed
CVE-2025-62676 was published Feb 10, 2026
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. Moderate Unreviewed
CVE-2025-15314 was published Feb 10, 2026
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. Moderate Unreviewed
CVE-2025-15318 was published Feb 10, 2026
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. High Unreviewed
CVE-2025-15319 was published Feb 10, 2026
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. Moderate Unreviewed
CVE-2025-15313 was published Feb 10, 2026
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. High Unreviewed
CVE-2025-15310 was published Feb 10, 2026
Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link... Moderate Unreviewed
CVE-2026-21419 was published Feb 9, 2026
Tanium addressed a documentation issue in Engage. Moderate Unreviewed
CVE-2025-15324 was published Feb 5, 2026
Tanium addressed an improper link resolution before file access vulnerability in Enforce. Moderate Unreviewed
CVE-2025-15328 was published Feb 5, 2026
The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow... High Unreviewed
CVE-2025-69429 was published Feb 3, 2026
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following.... Critical Unreviewed
CVE-2025-69431 was published Feb 3, 2026
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including... Critical Unreviewed
CVE-2025-69430 was published Feb 3, 2026
Compressing Vulnerable to Arbitrary File Write via Symlink Extraction High
CVE-2026-24884 was published for compressing (npm) Feb 3, 2026
Heeqw
Credited to Heeqw
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers... Moderate Unreviewed
CVE-2025-15541 was published Jan 29, 2026
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to... Moderate Unreviewed
CVE-2025-15543 was published Jan 29, 2026
Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath... Moderate Unreviewed
CVE-2026-23563 was published Jan 29, 2026
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal High
CVE-2026-24842 was published for tar (npm) Jan 28, 2026
mistersiddd
Credited to mistersiddd
pnpm has symlink traversal in file:/git dependencies Moderate
CVE-2026-24056 was published for pnpm (npm) Jan 26, 2026
mldangelo
Credited to mldangelo
miniserve affected by a TOCTOU and symlink race vulnerability Moderate
CVE-2025-67124 was published for miniserve (Rust) Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database