Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

581 advisories

Loading
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication) Moderate
CVE-2026-35365 was published for uu_mv (Rust) Jul 6, 2026
rm: --preserve-root bypassed via a symlink to / (string check instead of dev/inode) Moderate
CVE-2026-35349 was published for uu_rm (Rust) Jul 6, 2026
install -D: symlink race in directory creation allows arbitrary file overwrite Moderate
CVE-2026-35356 was published for uu_install (Rust) Jul 6, 2026
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite Moderate
CVE-2026-35355 was published for uu_install (Rust) Jul 6, 2026
Faze-up Credited to Faze-up
sondt99 Credited to sondt99
go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination) Moderate
CVE-2026-55828 was published for go.qbee.io/transport (Go) Jun 19, 2026
ttzero25 Credited to ttzero25
Hugo: Symlink confinement bypass in os.ReadFile Moderate
GHSA-c3wq-j5vh-68rc was published for github.com/gohugoio/hugo (Go) Jun 19, 2026
vnth4nhnt Credited to vnth4nhnt
Podman: WORKDIR symlink traversal vulnerability Moderate
CVE-2026-55686 was published for github.com/containers/podman/v3 (Go) Jun 18, 2026
eriksjolund Credited to eriksjolund
Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory Moderate
CVE-2026-53765 was published for chrome-devtools-mcp (npm) Jun 17, 2026
enable7997 Credited to enable7997
Hugo: Symlink confinement bypass in resources.Get Moderate
CVE-2026-50135 was published for github.com/gohugoio/hugo (Go) Jun 16, 2026
unknownhad Credited to unknownhad
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders Moderate
CVE-2026-55443 was published for langchain (pip) Jun 16, 2026
Mistz1 Credited to Mistz1 and deprrous deprrous deprrous
Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability Moderate
CVE-2026-45491 was published for Microsoft.NETCore.App.Runtime.linux-x64 (NuGet) Jun 16, 2026
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope Moderate
CVE-2026-54094 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026
DavidCarliez Credited to DavidCarliez, hacdias, m2hcz, and alanturing881 hacdias hacdias
m2hcz m2hcz alanturing881 alanturing881
ProTip! Advisories are also available from the GraphQL API