GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,349 advisories (newest first):
CVE-2026-5061 (Moderate, unreviewed), published May 12, 2026
  The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the...

CVE-2026-44340 (High) for PraisonAI (pip), published May 11, 2026
  PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

CVE-2021-47949 (High, unreviewed), published May 10, 2026
  CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to...

CVE-2026-40610 (Moderate) for bentoml (pip), published May 7, 2026
  BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

CVE-2026-43998 (High) for vm2 (npm), published May 7, 2026
  vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

CVE-2026-44471 (High) for gix-fs (Rust), published May 7, 2026
  gix-fs: Symlink prefix-reuse allows worktree escape during checkout

CVE-2026-44220 (Low) for ciguard (pip), published May 5, 2026
  ciguard: discover_pipeline_files follows symlinks out of scan root

CVE-2026-7832 (Moderate, unreviewed), published May 5, 2026
  A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part...

CVE-2026-42574 (High) for chainguard.dev/apko (Go), published May 4, 2026
  apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

GHSA-rh99-wc69-c255 (High) for github.com/edgelesssys/contrast (Go), published Apr 30, 2026
  Contrast Affected by CopyFile Policy Subversion via Symlinks

CVE-2026-41882 (High, unreviewed), published Apr 30, 2026
  In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1...

CVE-2026-27105 (Moderate, unreviewed), published Apr 29, 2026
  Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution...

CVE-2026-7397 (Low, unreviewed), published Apr 29, 2026
  A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function...

CVE-2026-5161 (High, unreviewed), published Apr 29, 2026
  Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...

CVE-2026-40977 (Moderate) for org.springframework.boot:spring-boot-cassandra (Maven), published Apr 28, 2026
  Spring Boot's PID file write follows symlinks at predictable default path

GHSA-5799-3xg7-rfrv (High, withdrawn) for openclaw (npm), published Apr 28, 2026
  Duplicate Advisory: OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host

CVE-2026-6941 (Moderate, unreviewed), published Apr 23, 2026
  radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that...

CVE-2026-33694 (High, unreviewed), published Apr 23, 2026
  This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary...

CVE-2026-35349 (Moderate) for coreutils (Rust), published Apr 22, 2026
  uutils coreutils has a Link Following Issue Via rm Utility

CVE-2026-35359 (Moderate) for coreutils (Rust), published Apr 22, 2026
  uutils coreutils has a Link Following issue

CVE-2026-35365 (Moderate) for coreutils (Rust), published Apr 22, 2026
  uutils coreutils has a Link Following issue

CVE-2026-35345 (Moderate) for coreutils (Rust), published Apr 22, 2026
  uutils coreutils has a Link Following Issue

CVE-2026-28684 (Moderate) for python-dotenv (pip), published Apr 21, 2026
  python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

CVE-2026-41433 (High) for go.opentelemetry.io/obi (Go), published Apr 17, 2026
  OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR

CVE-2026-40931 (High) for compressing (npm), published Apr 17, 2026
  Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing
Advisories are also available from the GraphQL API.