GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
In aiohttp, compressed files as symlinks are not protected from path traversal
Moderate
CVE-2024-42367
was published
for
aiohttp
(pip)
Aug 9, 2024
AWS SAM CLI Path Traversal allows file copy to build container
Moderate
CVE-2025-3047
was published
for
aws-sam-cli
(pip)
Mar 31, 2025
AWS SAM CLI Path Traversal allows file copy to local cache
Moderate
CVE-2025-3048
was published
for
aws-sam-cli
(pip)
Mar 31, 2025
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Moderate
CVE-2026-23968
was published
for
copier
(pip)
Jan 21, 2026
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Moderate
CVE-2026-23986
was published
for
copier
(pip)
Jan 21, 2026
onnx Vulnerable to Path Traversal via Symlink
High
CVE-2026-27489
was published
for
onnx
(pip)
Mar 31, 2026
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate
CVE-2026-34446
was published
for
onnx
(pip)
Apr 1, 2026
ONNX: External Data Symlink Traversal
Moderate
CVE-2026-34447
was published
for
onnx
(pip)
Apr 1, 2026
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Moderate
CVE-2026-28684
was published
for
python-dotenv
(pip)
Apr 21, 2026
pgAdmin 4 File Manager has symbolic-link path traversal
High
CVE-2026-7819
was published
for
pgadmin4
(pip)
May 11, 2026
PDM: Project-Local State and Config Writes Follow Symlinks
Moderate
CVE-2026-47763
was published
for
pdm
(pip)
Jun 10, 2026
BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
Moderate
CVE-2026-12565
was published
for
bbot
(pip)
Jun 18, 2026
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Critical
CVE-2026-55447
was published
for
langflow
(pip)
Jun 19, 2026
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
Moderate
GHSA-wvrh-2f4m-924v
was published
for
ChatterBot
(pip)
Jun 19, 2026
ProTip!
Advisories are also available from the
GraphQL API