Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,249 advisories

Loading
A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for... Moderate Unreviewed
CVE-2025-1697 was published Apr 18, 2025
A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on... High Unreviewed
CVE-2025-63946 was published Feb 23, 2026
A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on... High Unreviewed
CVE-2025-63945 was published Feb 23, 2026
An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ... High Unreviewed
CVE-2020-16939 was published May 24, 2022
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability.... Moderate Unreviewed
CVE-2026-2490 was published Feb 21, 2026
A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown... High Unreviewed
CVE-2026-2627 was published Feb 18, 2026
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client... High Unreviewed
CVE-2024-23459 was published May 2, 2024
Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and... High Unreviewed
CVE-2026-26225 was published Feb 13, 2026
A link following vulnerability has been reported to affect several QNAP operating system versions... Critical Unreviewed
CVE-2025-66277 was published Feb 11, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe... High Unreviewed
CVE-2026-20610 was published Feb 12, 2026
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an... High Unreviewed
CVE-2025-3771 was published Jun 26, 2025
Improper link resolution before file access ('link following') in Windows App for Mac allows an... High Unreviewed
CVE-2026-21517 was published Feb 10, 2026
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59]... High Unreviewed
CVE-2025-62676 was published Feb 10, 2026
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. Moderate Unreviewed
CVE-2025-15314 was published Feb 10, 2026
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. Moderate Unreviewed
CVE-2025-15318 was published Feb 10, 2026
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. High Unreviewed
CVE-2025-15319 was published Feb 10, 2026
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. High Unreviewed
CVE-2025-15310 was published Feb 10, 2026
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. Moderate Unreviewed
CVE-2025-15313 was published Feb 10, 2026
Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link... Moderate Unreviewed
CVE-2026-21419 was published Feb 9, 2026
Tanium addressed an improper link resolution before file access vulnerability in Enforce. Moderate Unreviewed
CVE-2025-15328 was published Feb 5, 2026
Tanium addressed a documentation issue in Engage. Moderate Unreviewed
CVE-2025-15324 was published Feb 5, 2026
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including... Critical Unreviewed
CVE-2025-69430 was published Feb 3, 2026
The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow... High Unreviewed
CVE-2025-69429 was published Feb 3, 2026
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following.... Critical Unreviewed
CVE-2025-69431 was published Feb 3, 2026
Compressing Vulnerable to Arbitrary File Write via Symlink Extraction High
CVE-2026-24884 was published for compressing (npm) Feb 3, 2026
Heeqw
Credited to Heeqw
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database