GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
96
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Cargo crates in third party registries can override the cached source of other crates
Moderate
CVE-2026-5223
was published
for
cargo
(Rust)
Jun 26, 2026
OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree
Moderate
GHSA-wcmj-x466-56mm
was published
for
github.com/opentofu/opentofu
(Go)
Jun 23, 2026
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
Moderate
CVE-2026-41579
was published
for
github.com/opencontainers/runc
(Go)
Jun 22, 2026
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
Moderate
GHSA-wvrh-2f4m-924v
was published
for
ChatterBot
(pip)
Jun 19, 2026
BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
Moderate
CVE-2026-12565
was published
for
bbot
(pip)
Jun 18, 2026
PDM: Project-Local State and Config Writes Follow Symlinks
Moderate
CVE-2026-47763
was published
for
pdm
(pip)
Jun 10, 2026
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Moderate
CVE-2026-41568
was published
for
github.com/docker/docker
(Go)
May 18, 2026
OpenClaw contains a symlink traversal vulnerability
Moderate
CVE-2026-43570
was published
for
openclaw
(npm)
May 5, 2026
uutils coreutils has a UNIX Symbolic Link (Symlink) Following issue
Moderate
CVE-2026-35372
was published
for
coreutils
(Rust)
Apr 22, 2026
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Moderate
CVE-2026-28684
was published
for
python-dotenv
(pip)
Apr 21, 2026
Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
GHSA-pmf3-2q63-jmp6
was published
for
openclaw
(npm)
Apr 10, 2026
•
withdrawn
ONNX: External Data Symlink Traversal
Moderate
CVE-2026-34447
was published
for
onnx
(pip)
Apr 1, 2026
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate
CVE-2026-34446
was published
for
onnx
(pip)
Apr 1, 2026
Incus vulnerable to local privilege escalation through VM screenshot path
Moderate
CVE-2026-33711
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Moderate
CVE-2026-35632
was published
for
openclaw
(npm)
Mar 26, 2026
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks
Moderate
CVE-2026-33056
was published
for
tar
(Rust)
Mar 20, 2026
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Moderate
CVE-2026-24047
was published
for
@backstage/cli-common
(npm)
Jan 21, 2026
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Moderate
CVE-2026-23986
was published
for
copier
(pip)
Jan 21, 2026
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Moderate
CVE-2026-23968
was published
for
copier
(pip)
Jan 21, 2026
Static Web Server vulnerable to a symbolic link path traversal
Moderate
CVE-2025-67487
was published
for
static-web-server
(Rust)
Dec 8, 2025
Apptainer ineffectively applies selinux and apparmor --security options
Moderate
CVE-2025-65105
was published
for
github.com/apptainer/apptainer
(Go)
Dec 2, 2025
Singluarity ineffectively applies selinux / apparmor LSM process labels
Moderate
CVE-2025-64750
was published
for
github.com/sylabs/singularity/v4
(Go)
Dec 2, 2025
astral-tokio-tar has a path traversal in tar extraction
Moderate
CVE-2025-59825
was published
for
astral-tokio-tar
(Rust)
Sep 23, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
ProTip!
Advisories are also available from the
GraphQL API