GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
589 advisories
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to...
    CVE-2026-11322 | High | Unreviewed | published Jun 5, 2026
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows...
    CVE-2026-49135 | High | Unreviewed | published Jun 1, 2026
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
    CVE-2026-41236 | High | GitHub reviewed | froxlor/froxlor (Composer) | published May 29, 2026
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace...
    CVE-2026-9804 | High | Unreviewed | published May 28, 2026
Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit...
    CVE-2026-48921 | High | Unreviewed | published May 27, 2026
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside...
    CVE-2026-42497 | High | Unreviewed | published May 26, 2026
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local...
    CVE-2025-71212 | High | Unreviewed | published May 21, 2026
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote...
    CVE-2026-44051 | High | Unreviewed | published May 21, 2026
Improper link resolution before file access ('link following') in Azure Portal Windows Admin...
    CVE-2026-42834 | High | Unreviewed | published May 20, 2026
Improper link resolution before file access ('link following') in Microsoft Defender allows an...
    CVE-2026-41091 | High | Unreviewed | published May 20, 2026
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...
    CVE-2026-43619 | High | Unreviewed | published May 20, 2026
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
    CVE-2026-45539 | High | GitHub reviewed | apm (pip) | published May 18, 2026
Portainer has an arbitrary file read via Git symlink injection in stack auto-update
    CVE-2026-44881 | High | GitHub reviewed | github.com/portainer/portainer (Go) | published May 14, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a...
    CVE-2025-27850 | High | Unreviewed | published May 13, 2026
PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
    CVE-2026-44340 | High | GitHub reviewed | PraisonAI (pip) | published May 11, 2026
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to...
    CVE-2021-47949 | High | Unreviewed | published May 10, 2026
vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
    CVE-2026-43998 | High | GitHub reviewed | vm2 (npm) | published May 7, 2026
gix-fs: Symlink prefix-reuse allows worktree escape during checkout
    CVE-2026-44471 | High | GitHub reviewed | gix-fs (Rust) | published May 7, 2026
apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root
    CVE-2026-42574 | High | GitHub reviewed | chainguard.dev/apko (Go) | published May 4, 2026
Contrast affected by CopyFile policy subversion via symlinks
    GHSA-rh99-wc69-c255 | High | GitHub reviewed | github.com/edgelesssys/contrast (Go) | published Apr 30, 2026
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1...
    CVE-2026-41882 | High | Unreviewed | published Apr 30, 2026
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
    CVE-2026-5161 | High | Unreviewed | published Apr 29, 2026
Duplicate Advisory (withdrawn): OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
    GHSA-5799-3xg7-rfrv | High | GitHub reviewed | openclaw (npm) | published Apr 28, 2026 | withdrawn
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary...
    CVE-2026-33694 | High | Unreviewed | published Apr 23, 2026
OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
    CVE-2026-41433 | High | GitHub reviewed | go.opentelemetry.io/obi (Go) | published Apr 17, 2026