GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
64 advisories
Filter by severity
onnx Vulnerable to Path Traversal via Symlink
High
CVE-2026-27489
was published
for
onnx
(pip)
Mar 31, 2026
Incus vulnerable to local privilege escalation through VM screenshot path
Moderate
CVE-2026-33711
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
CVE-2026-35632
was published
for
openclaw
(npm)
Mar 26, 2026
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks
Moderate
CVE-2026-33056
was published
for
tar
(Rust)
Mar 20, 2026
Jenkins has a link following vulnerability allows arbitrary file creation
High
CVE-2026-33001
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 18, 2026
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
Claude Code has Permission Deny Bypass Through Symbolic Links
Low
CVE-2026-25724
was published
for
@anthropic-ai/claude-code
(npm)
Feb 6, 2026
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Moderate
CVE-2026-24047
was published
for
@backstage/cli-common
(npm)
Jan 21, 2026
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Moderate
CVE-2026-23986
was published
for
copier
(pip)
Jan 21, 2026
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Moderate
CVE-2026-23968
was published
for
copier
(pip)
Jan 21, 2026
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip
High
CVE-2025-67818
was published
for
github.com/weaviate/weaviate
(Go)
Dec 12, 2025
Static Web Server vulnerable to a symbolic link path traversal
Moderate
CVE-2025-67487
was published
for
static-web-server
(Rust)
Dec 8, 2025
Apptainer ineffectively applies selinux and apparmor --security options
Moderate
CVE-2025-65105
was published
for
github.com/apptainer/apptainer
(Go)
Dec 2, 2025
Singluarity ineffectively applies selinux / apparmor LSM process labels
Moderate
CVE-2025-64750
was published
for
github.com/sylabs/singularity/v4
(Go)
Dec 2, 2025
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-62596
was published
for
youki
(Rust)
Nov 5, 2025
youki container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-62161
was published
for
youki
(Rust)
Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-52881
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape with malicious config due to /dev/console mount and related races
High
CVE-2025-52565
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-31133
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
Claude Code permission deny bypass through symlink
Low
CVE-2025-59829
was published
for
@anthropic-ai/claude-code
(npm)
Oct 3, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High
CVE-2025-59343
was published
for
tar-fs
(npm)
Sep 24, 2025
astral-tokio-tar has a path traversal in tar extraction
Moderate
CVE-2025-59825
was published
for
astral-tokio-tar
(Rust)
Sep 23, 2025
podman kube play symlink traversal vulnerability
High
CVE-2025-9566
was published
for
github.com/containers/podman/v4
(Go)
Sep 4, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.
High
CVE-2025-54867
was published
for
youki
(Rust)
Aug 14, 2025
ProTip!
Advisories are also available from the
GraphQL API