Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

64 advisories

Loading
onnx Vulnerable to Path Traversal via Symlink High
CVE-2026-27489 was published for onnx (pip) Mar 31, 2026
pi3ch Credited to pi3ch
Incus vulnerable to local privilege escalation through VM screenshot path Moderate
CVE-2026-33711 was published for github.com/lxc/incus/v6 (Go) Mar 27, 2026
stamparm Credited to stamparm and stgraber stgraber stgraber
YLChen-007 Credited to YLChen-007
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks Moderate
CVE-2026-33056 was published for tar (Rust) Mar 20, 2026
xokdvium Credited to xokdvium
Jenkins has a link following vulnerability allows arbitrary file creation High
CVE-2026-33001 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 18, 2026
bboe Credited to bboe
OpenClaw: Reject symlinks in local skill packaging script Moderate
CVE-2026-27485 was published for openclaw (npm) Feb 20, 2026
aether-ai-agent Credited to aether-ai-agent
Claude Code has Permission Deny Bypass Through Symbolic Links Low
CVE-2026-25724 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass Moderate
CVE-2026-24047 was published for @backstage/cli-common (npm) Jan 21, 2026
cbrown1234 Credited to cbrown1234 and sisp sisp sisp
sisp Credited to sisp and cbrown1234 cbrown1234 cbrown1234
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip High
CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
Static Web Server vulnerable to a symbolic link path traversal Moderate
CVE-2025-67487 was published for static-web-server (Rust) Dec 8, 2025
joseluisq Credited to joseluisq
Apptainer ineffectively applies selinux and apparmor --security options Moderate
CVE-2025-65105 was published for github.com/apptainer/apptainer (Go) Dec 2, 2025
dtrudg Credited to dtrudg
Singluarity ineffectively applies selinux / apparmor LSM process labels Moderate
CVE-2025-64750 was published for github.com/sylabs/singularity/v4 (Go) Dec 2, 2025
saku3 Credited to saku3 and cyphar cyphar cyphar
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-52881 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
tonistiigi Credited to tonistiigi, cyphar, lifubang, OddBloke, and olsova cyphar cyphar
lifubang lifubang OddBloke OddBloke olsova olsova
runc container escape with malicious config due to /dev/console mount and related races High
CVE-2025-52565 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 Credited to ssst0n3, lifubang, and cyphar lifubang lifubang
cyphar cyphar
runc container escape via "masked path" abuse due to mount race conditions High
CVE-2025-31133 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 Credited to ssst0n3, rata, kolyshkin, lifubang, and cyphar rata rata
kolyshkin kolyshkin lifubang lifubang cyphar cyphar
Claude Code permission deny bypass through symlink Low
CVE-2025-59829 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025
lukaselmer Credited to lukaselmer and cai0duque cai0duque cai0duque
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown Credited to calebbrown, woodruffw, charliermarsh, and zanieb woodruffw woodruffw
charliermarsh charliermarsh zanieb zanieb
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99 Credited to Luap99
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00 Credited to Mahmoud0x00
saku3 Credited to saku3 and utam0k utam0k utam0k
ProTip! Advisories are also available from the GraphQL API