Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
OpenClaw contains a symlink traversal vulnerability Moderate
CVE-2026-43570 was published for openclaw (npm) May 5, 2026
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace High
CVE-2026-39861 was published for @anthropic-ai/claude-code (npm) Apr 21, 2026
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates High
CVE-2026-35525 was published for liquidjs (npm) Apr 8, 2026
Jvr2022 Credited to Jvr2022
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host High
CVE-2026-41364 was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
YLChen-007 Credited to YLChen-007
OpenClaw: Reject symlinks in local skill packaging script Moderate
CVE-2026-27485 was published for openclaw (npm) Feb 20, 2026
aether-ai-agent Credited to aether-ai-agent
Claude Code has Permission Deny Bypass Through Symbolic Links Low
CVE-2026-25724 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass Moderate
CVE-2026-24047 was published for @backstage/cli-common (npm) Jan 21, 2026
Claude Code permission deny bypass through symlink Low
CVE-2025-59829 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025
lukaselmer Credited to lukaselmer and cai0duque cai0duque cai0duque
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00 Credited to Mahmoud0x00
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid Credited to ginkoid and chen-robert chen-robert chen-robert
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob Credited to JarLob and KateCatlin KateCatlin KateCatlin
Arbitrary File Write in npm High
CVE-2019-16775 was published for npm (npm) Dec 13, 2019
DanielRuf Credited to DanielRuf
ProTip! Advisories are also available from the GraphQL API