GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
124 advisories
Filter by severity
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through...
High
Unreviewed
CVE-2026-24018
was published
Mar 10, 2026
Jenkins has a link following vulnerability allows arbitrary file creation
High
CVE-2026-33001
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 18, 2026
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks
Moderate
CVE-2026-33056
was published
for
tar
(Rust)
Mar 20, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and...
Moderate
Unreviewed
CVE-2026-20694
was published
Mar 25, 2026
Incus vulnerable to local privilege escalation through VM screenshot path
Moderate
CVE-2026-33711
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
Claude Code has Permission Deny Bypass Through Symbolic Links
Low
CVE-2026-25724
was published
for
@anthropic-ai/claude-code
(npm)
Feb 6, 2026
Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following...
High
Unreviewed
CVE-2026-22767
was published
Apr 1, 2026
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate
CVE-2026-34446
was published
for
onnx
(pip)
Apr 1, 2026
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2024-27872
was published
Jul 30, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma...
High
Unreviewed
CVE-2024-23285
was published
Mar 8, 2024
onnx Vulnerable to Path Traversal via Symlink
High
CVE-2026-27489
was published
for
onnx
(pip)
Mar 31, 2026
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS...
High
Unreviewed
CVE-2026-21916
was published
Apr 10, 2026
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
High
CVE-2026-35525
was published
for
liquidjs
(npm)
Apr 8, 2026
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash...
Low
Unreviewed
CVE-2026-40354
was published
Apr 11, 2026
Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
GHSA-pmf3-2q63-jmp6
was published
for
openclaw
(npm)
Apr 10, 2026
•
withdrawn
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
CVE-2026-35632
was published
for
openclaw
(npm)
Mar 26, 2026
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Moderate
CVE-2026-28684
was published
for
python-dotenv
(pip)
Apr 21, 2026
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
High
CVE-2026-39861
was published
for
@anthropic-ai/claude-code
(npm)
Apr 21, 2026
uutils coreutils has a UNIX Symbolic Link (Symlink) Following issue
Moderate
CVE-2026-35372
was published
for
coreutils
(Rust)
Apr 22, 2026
astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks
Low
GHSA-xx64-wwv2-hcqq
was published
for
astral-tokio-tar
(Rust)
May 6, 2026
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
High
CVE-2026-41364
was published
for
openclaw
(npm)
Apr 2, 2026
OpenClaw contains a symlink traversal vulnerability
Moderate
CVE-2026-43570
was published
for
openclaw
(npm)
May 5, 2026
zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
High
CVE-2026-42275
was published
for
github.com/openziti/zrok
(Go)
Apr 25, 2026
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload...
High
Unreviewed
CVE-2026-41937
was published
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API