Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

124 advisories

Loading
saku3 Credited to saku3 and utam0k utam0k utam0k
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00 Credited to Mahmoud0x00
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99 Credited to Luap99
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown Credited to calebbrown, woodruffw, charliermarsh, and zanieb woodruffw woodruffw
charliermarsh charliermarsh zanieb zanieb
lukaselmer Credited to lukaselmer and cai0duque cai0duque cai0duque
Claude Code permission deny bypass through symlink Low
CVE-2025-59829 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025
runc container escape via "masked path" abuse due to mount race conditions High
CVE-2025-31133 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 Credited to ssst0n3, rata, kolyshkin, lifubang, and cyphar rata rata
kolyshkin kolyshkin lifubang lifubang cyphar cyphar
runc container escape with malicious config due to /dev/console mount and related races High
CVE-2025-52565 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 Credited to ssst0n3, lifubang, and cyphar lifubang lifubang
cyphar cyphar
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-52881 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
tonistiigi Credited to tonistiigi, cyphar, lifubang, OddBloke, and olsova cyphar cyphar
lifubang lifubang OddBloke OddBloke olsova olsova
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
saku3 Credited to saku3 and cyphar cyphar cyphar
Singluarity ineffectively applies selinux / apparmor LSM process labels Moderate
CVE-2025-64750 was published for github.com/sylabs/singularity/v4 (Go) Dec 2, 2025
Apptainer ineffectively applies selinux and apparmor --security options Moderate
CVE-2025-65105 was published for github.com/apptainer/apptainer (Go) Dec 2, 2025
dtrudg Credited to dtrudg
Static Web Server vulnerable to a symbolic link path traversal Moderate
CVE-2025-67487 was published for static-web-server (Rust) Dec 8, 2025
joseluisq Credited to joseluisq
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip High
CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API