GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,277
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of...
High
Unreviewed
CVE-2026-39822
was published
Jul 8, 2026
pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in...
High
Unreviewed
CVE-2026-56815
was published
Jun 23, 2026
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
High
CVE-2026-53489
was published
for
github.com/containerd/containerd/v2
(Go)
Jun 19, 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0)...
High
Unreviewed
CVE-2026-54420
was published
Jun 14, 2026
skillctl: Path traversal and symlink-follow in skillctl allow arbitrary file disclosure and deletion
High
GHSA-wx3m-whqv-xv47
was published
for
skillctl
(Rust)
Jun 5, 2026
Docker: Race condition in docker cp allows bind mount redirection to host path
High
CVE-2026-42306
was published
for
github.com/docker/docker
(Go)
May 18, 2026
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload...
High
Unreviewed
CVE-2026-41937
was published
May 14, 2026
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin...
High
Unreviewed
CVE-2026-6475
was published
May 14, 2026
pgAdmin 4 File Manager has symbolic-link path traversal
High
CVE-2026-7819
was published
for
pgadmin4
(pip)
May 11, 2026
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing...
High
Unreviewed
CVE-2026-29203
was published
May 8, 2026
Kata Container has CopyFile Policy Subversion via Symlinks
High
CVE-2026-41326
was published
for
github.com/kata-containers/kata-containers
(Go)
May 4, 2026
zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
High
CVE-2026-42275
was published
for
github.com/openziti/zrok
(Go)
Apr 25, 2026
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
High
CVE-2026-39861
was published
for
@anthropic-ai/claude-code
(npm)
Apr 21, 2026
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS...
High
Unreviewed
CVE-2026-21916
was published
Apr 10, 2026
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
High
CVE-2026-35525
was published
for
liquidjs
(npm)
Apr 8, 2026
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
High
CVE-2026-41364
was published
for
openclaw
(npm)
Apr 2, 2026
Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following...
High
Unreviewed
CVE-2026-22767
was published
Apr 1, 2026
onnx Vulnerable to Path Traversal via Symlink
High
CVE-2026-27489
was published
for
onnx
(pip)
Mar 31, 2026
Jenkins has a link following vulnerability allows arbitrary file creation
High
CVE-2026-33001
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 18, 2026
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through...
High
Unreviewed
CVE-2026-24018
was published
Mar 10, 2026
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an...
High
Unreviewed
CVE-2025-33225
was published
Dec 16, 2025
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip
High
CVE-2025-67818
was published
for
github.com/weaviate/weaviate
(Go)
Dec 12, 2025
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated...
High
Unreviewed
CVE-2025-66431
was published
Dec 3, 2025
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-62596
was published
for
youki
(Rust)
Nov 5, 2025
youki container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-62161
was published
for
youki
(Rust)
Nov 5, 2025
ProTip!
Advisories are also available from the
GraphQL API