GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
64 advisories
Filter by severity
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
High
CVE-2023-25152
was published
for
github.com/pterodactyl/wings
(Go)
Feb 8, 2023
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate
CVE-2022-24904
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 23, 2022
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
Kubernetes kubectl cp Vulnerable to Symlink Attack
Moderate
CVE-2019-11251
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
Insecure Temporary File usage in github.com/golang/glog
Moderate
CVE-2024-45339
was published
for
github.com/golang/glog
(Go)
Jan 28, 2025
runc can be confused to create empty files/directories on the host
Moderate
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High
CVE-2021-39135
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
High
CVE-2025-29787
was published
for
zip
(Rust)
Mar 17, 2025
In aiohttp, compressed files as symlinks are not protected from path traversal
Moderate
CVE-2024-42367
was published
for
aiohttp
(pip)
Aug 9, 2024
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.
High
CVE-2025-54867
was published
for
youki
(Rust)
Aug 14, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
Claude Code permission deny bypass through symlink
Low
CVE-2025-59829
was published
for
@anthropic-ai/claude-code
(npm)
Oct 3, 2025
AWS SAM CLI Path Traversal allows file copy to build container
Moderate
CVE-2025-3047
was published
for
aws-sam-cli
(pip)
Mar 31, 2025
AWS SAM CLI Path Traversal allows file copy to local cache
Moderate
CVE-2025-3048
was published
for
aws-sam-cli
(pip)
Mar 31, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High
CVE-2025-59343
was published
for
tar-fs
(npm)
Sep 24, 2025
runc container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-31133
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape with malicious config due to /dev/console mount and related races
High
CVE-2025-52565
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-52881
was published
for
github.com/opencontainers/runc
(Go)
Nov 5, 2025
youki container escape via "masked path" abuse due to mount race conditions
High
CVE-2025-62161
was published
for
youki
(Rust)
Nov 5, 2025
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
High
CVE-2025-62596
was published
for
youki
(Rust)
Nov 5, 2025
astral-tokio-tar has a path traversal in tar extraction
Moderate
CVE-2025-59825
was published
for
astral-tokio-tar
(Rust)
Sep 23, 2025
Apptainer ineffectively applies selinux and apparmor --security options
Moderate
CVE-2025-65105
was published
for
github.com/apptainer/apptainer
(Go)
Dec 2, 2025
ProTip!
Advisories are also available from the
GraphQL API