GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
124 advisories
Filter by severity
The txtai framework allows the loading of compressed tar files as embedding indices. While the...
High
Unreviewed
CVE-2025-10854
was published
Sep 22, 2025
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package...
Moderate
Unreviewed
CVE-2025-53881
was published
Oct 2, 2025
Claude Code permission deny bypass through symlink
Low
CVE-2025-59829
was published
for
@anthropic-ai/claude-code
(npm)
Oct 3, 2025
SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4...
Moderate
Unreviewed
CVE-2025-43991
was published
Oct 13, 2025
AWS SAM CLI Path Traversal allows file copy to build container
Moderate
CVE-2025-3047
was published
for
aws-sam-cli
(pip)
Mar 31, 2025
AWS SAM CLI Path Traversal allows file copy to local cache
Moderate
CVE-2025-3048
was published
for
aws-sam-cli
(pip)
Mar 31, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High
CVE-2025-59343
was published
for
tar-fs
(npm)
Sep 24, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
High
Unreviewed
CVE-2024-44132
was published
Sep 17, 2024
runc container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-31133
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape with malicious config due to /dev/console mount and related races
High
CVE-2025-52565
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-52881
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
youki container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-62161
was published
for
youki
(Rust)
Nov 5, 2025
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-62596
was published
for
youki
(Rust)
Nov 5, 2025
astral-tokio-tar has a path traversal in tar extraction
Moderate
CVE-2025-59825
was published
for
astral-tokio-tar
(Rust)
Sep 23, 2025
Apptainer ineffectively applies selinux and apparmor --security options
Moderate
CVE-2025-65105
was published
for
github.com/apptainer/apptainer
(Go)
Dec 2, 2025
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated...
High
Unreviewed
CVE-2025-66431
was published
Dec 3, 2025
Static Web Server vulnerable to a symbolic link path traversal
Moderate
CVE-2025-67487
was published
for
static-web-server
(Rust)
Dec 8, 2025
Singluarity ineffectively applies selinux / apparmor LSM process labels
Moderate
CVE-2025-64750
was published
for
github.com/sylabs/singularity/v4
(Go)
Dec 2, 2025
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an...
High
Unreviewed
CVE-2025-33225
was published
Dec 16, 2025
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip
High
CVE-2025-67818
was published
for
github.com/weaviate/weaviate
(Go)
Dec 12, 2025
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server...
Critical
Unreviewed
CVE-2025-68937
was published
Dec 26, 2025
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution...
High
Unreviewed
CVE-2025-36564
was published
Jun 3, 2025
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Moderate
CVE-2026-24047
was published
for
@backstage/cli-common
(npm)
Jan 21, 2026
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Moderate
CVE-2026-23968
was published
for
copier
(pip)
Jan 21, 2026
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Moderate
CVE-2026-23986
was published
for
copier
(pip)
Jan 21, 2026
ProTip!
Advisories are also available from the
GraphQL API