GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
573 advisories
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
Moderate
GHSA-4xgf-cpjx-pc3j
was published
for
pydantic-settings
(pip)
Jun 19, 2026
Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups
Moderate
GHSA-6x2m-p4xp-wg22
was published
for
network-ai
(npm)
Jun 19, 2026
go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination)
Moderate
CVE-2026-55828
was published
for
go.qbee.io/transport
(Go)
Jun 19, 2026
Hugo: Symlink confinement bypass in os.ReadFile
Moderate
GHSA-c3wq-j5vh-68rc
was published
for
github.com/gohugoio/hugo
(Go)
Jun 19, 2026
Podman: WORKDIR symlink traversal vulnerability
Moderate
CVE-2026-55686
was published
for
github.com/containers/podman/v3
(Go)
Jun 18, 2026
Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory
Moderate
CVE-2026-53765
was published
for
chrome-devtools-mcp
(npm)
Jun 17, 2026
Hugo: Symlink confinement bypass in resources.Get
Moderate
CVE-2026-50135
was published
for
github.com/gohugoio/hugo
(Go)
Jun 16, 2026
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
Moderate
GHSA-gr75-jv2w-4656
was published
for
langchain
(pip)
Jun 16, 2026
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
Moderate
CVE-2026-54094
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Moderate
CVE-2026-47121
was published
for
github.com/sparkle-project/Sparkle
(Swift)
May 29, 2026
ProTip!
Advisories are also available from the
GraphQL API