GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High
CVE-2021-39135
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High
CVE-2025-59343
was published
for
tar-fs
(npm)
Sep 24, 2025
Claude Code permission deny bypass through symlink
Low
CVE-2025-59829
was published
for
@anthropic-ai/claude-code
(npm)
Oct 3, 2025
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Moderate
CVE-2026-24047
was published
for
@backstage/cli-common
(npm)
Jan 21, 2026
Claude Code has Permission Deny Bypass Through Symbolic Links
Low
CVE-2026-25724
was published
for
@anthropic-ai/claude-code
(npm)
Feb 6, 2026
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
CVE-2026-35632
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
High
CVE-2026-41364
was published
for
openclaw
(npm)
Apr 2, 2026
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
High
CVE-2026-35525
was published
for
liquidjs
(npm)
Apr 8, 2026
Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
GHSA-pmf3-2q63-jmp6
was published
for
openclaw
(npm)
Apr 10, 2026
•
withdrawn
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
High
CVE-2026-39861
was published
for
@anthropic-ai/claude-code
(npm)
Apr 21, 2026
OpenClaw contains a symlink traversal vulnerability
Moderate
CVE-2026-43570
was published
for
openclaw
(npm)
May 5, 2026
ProTip!
Advisories are also available from the
GraphQL API