GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,277
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
608 advisories
Filter by severity
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver...
High
Unreviewed
CVE-2026-14891
was published
Jul 8, 2026
AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and...
High
Unreviewed
CVE-2026-14904
was published
Jul 7, 2026
chmod: --preserve-root bypassed by any path that resolves to root (e.g. /../)
High
CVE-2026-35338
was published
for
uu_chmod
(Rust)
Jul 6, 2026
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based)...
High
Unreviewed
CVE-2026-57991
was published
Jul 3, 2026
`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution
High
CVE-2026-50163
was published
for
oras.land/oras-go/v2
(Go)
Jul 1, 2026
Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution...
High
Unreviewed
CVE-2026-41121
was published
Jul 1, 2026
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based...
High
Unreviewed
CVE-2026-54369
was published
Jun 29, 2026
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr...
High
Unreviewed
CVE-2026-54371
was published
Jun 29, 2026
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows...
High
Unreviewed
CVE-2026-35025
was published
Jun 24, 2026
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
High
GHSA-74p7-6h78-gw8p
was published
for
skillctl
(Rust)
Jun 22, 2026
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution...
High
Unreviewed
CVE-2026-44274
was published
Jun 22, 2026
py7zr: Arbitrary File Write Vulnerability
High
CVE-2026-23879
was published
for
py7zr
(pip)
Jun 19, 2026
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
High
Unreviewed
CVE-2026-50656
was published
Jun 16, 2026
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
High
GHSA-7cx2-g3h9-382p
was published
for
crawl4ai
(pip)
Jun 16, 2026
A symlink following vulnerability was found in the ABRT post-create event handler scripts in...
High
Unreviewed
CVE-2026-54230
was published
Jun 13, 2026
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module....
High
Unreviewed
CVE-2026-11837
was published
Jun 10, 2026
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an...
High
Unreviewed
CVE-2026-50511
was published
Jun 9, 2026
Improper link resolution before file access ('link following') in Windows Collaborative...
High
Unreviewed
CVE-2026-45586
was published
Jun 9, 2026
Improper link resolution before file access ('link following') in Winlogon allows an authorized...
High
Unreviewed
CVE-2026-42989
was published
Jun 9, 2026
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to...
High
Unreviewed
CVE-2026-11322
was published
Jun 5, 2026
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows...
High
Unreviewed
CVE-2026-49135
was published
Jun 1, 2026
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
High
CVE-2026-41236
was published
for
froxlor/froxlor
(Composer)
May 29, 2026
KubeVirt has a Link Following issue
High
CVE-2026-9804
was published
for
kubevirt.io/kubevirt
(Go)
May 28, 2026
Jenkins Pipeline: Groovy Libraries Plugin does not prohibit symbolic links in shared libraries
High
CVE-2026-48921
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
May 27, 2026
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside...
High
Unreviewed
CVE-2026-42497
was published
May 26, 2026
ProTip!
Advisories are also available from the
GraphQL API