GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
podman kube play symlink traversal vulnerability
High
CVE-2025-9566
was published
for
github.com/containers/podman/v4
(Go)
Sep 4, 2025
The txtai framework allows the loading of compressed tar files as embedding indices. While the...
High
Unreviewed
CVE-2025-10854
was published
Sep 22, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High
CVE-2025-59343
was published
for
tar-fs
(npm)
Sep 24, 2025
runc container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-31133
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape with malicious config due to /dev/console mount and related races
High
CVE-2025-52565
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-52881
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
youki container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-62161
was published
for
youki
(Rust)
Nov 5, 2025
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-62596
was published
for
youki
(Rust)
Nov 5, 2025
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated...
High
Unreviewed
CVE-2025-66431
was published
Dec 3, 2025
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip
High
CVE-2025-67818
was published
for
github.com/weaviate/weaviate
(Go)
Dec 12, 2025
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an...
High
Unreviewed
CVE-2025-33225
was published
Dec 16, 2025
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through...
High
Unreviewed
CVE-2026-24018
was published
Mar 10, 2026
Jenkins has a link following vulnerability allows arbitrary file creation
High
CVE-2026-33001
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 18, 2026
onnx Vulnerable to Path Traversal via Symlink
High
CVE-2026-27489
was published
for
onnx
(pip)
Mar 31, 2026
Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following...
High
Unreviewed
CVE-2026-22767
was published
Apr 1, 2026
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
High
CVE-2026-41364
was published
for
openclaw
(npm)
Apr 2, 2026
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
High
CVE-2026-35525
was published
for
liquidjs
(npm)
Apr 8, 2026
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS...
High
Unreviewed
CVE-2026-21916
was published
Apr 10, 2026
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
High
CVE-2026-39861
was published
for
@anthropic-ai/claude-code
(npm)
Apr 21, 2026
zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
High
CVE-2026-42275
was published
for
github.com/openziti/zrok
(Go)
Apr 25, 2026
Kata Container has CopyFile Policy Subversion via Symlinks
High
CVE-2026-41326
was published
for
github.com/kata-containers/kata-containers
(Go)
May 4, 2026
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing...
High
Unreviewed
CVE-2026-29203
was published
May 8, 2026
pgAdmin 4 File Manager has symbolic-link path traversal
High
CVE-2026-7819
was published
for
pgadmin4
(pip)
May 11, 2026
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin...
High
Unreviewed
CVE-2026-6475
was published
May 14, 2026
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload...
High
Unreviewed
CVE-2026-41937
was published
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API