Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

56 advisories

Loading
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99 Credited to Luap99
lukaselmer Credited to lukaselmer and cai0duque cai0duque cai0duque
runc container escape via "masked path" abuse due to mount race conditions High
CVE-2025-31133 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 Credited to ssst0n3, rata, kolyshkin, lifubang, and cyphar rata rata
kolyshkin kolyshkin lifubang lifubang cyphar cyphar
runc container escape with malicious config due to /dev/console mount and related races High
CVE-2025-52565 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 Credited to ssst0n3, lifubang, and cyphar lifubang lifubang
cyphar cyphar
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-52881 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
tonistiigi Credited to tonistiigi, cyphar, lifubang, OddBloke, and olsova cyphar cyphar
lifubang lifubang OddBloke OddBloke olsova olsova
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
saku3 Credited to saku3 and cyphar cyphar cyphar
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip High
CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
Jenkins has a link following vulnerability allows arbitrary file creation High
CVE-2026-33001 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 18, 2026
bboe Credited to bboe
onnx Vulnerable to Path Traversal via Symlink High
CVE-2026-27489 was published for onnx (pip) Mar 31, 2026
pi3ch Credited to pi3ch
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host High
CVE-2026-41364 was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates High
CVE-2026-35525 was published for liquidjs (npm) Apr 8, 2026
Jvr2022 Credited to Jvr2022
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace High
CVE-2026-39861 was published for @anthropic-ai/claude-code (npm) Apr 21, 2026
zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write High
CVE-2026-42275 was published for github.com/openziti/zrok (Go) Apr 25, 2026
bugbunny-research Credited to bugbunny-research
Kata Container has CopyFile Policy Subversion via Symlinks High
CVE-2026-41326 was published for github.com/kata-containers/kata-containers (Go) May 4, 2026
fitzthum Credited to fitzthum, calonso-nv, fikriwahab, burgerdev, danmihai1, jojimt, fidencio, and kodareef5 calonso-nv calonso-nv
fikriwahab fikriwahab burgerdev burgerdev danmihai1 danmihai1 jojimt jojimt fidencio fidencio kodareef5 kodareef5
pgAdmin 4 File Manager has symbolic-link path traversal High
CVE-2026-7819 was published for pgadmin4 (pip) May 11, 2026
ProTip! Advisories are also available from the GraphQL API