GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
Moderate • CVE-2026-46406 was published for @anthropic-ai/claude-code (npm) • Jun 25, 2026

Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups
Moderate • GHSA-6x2m-p4xp-wg22 was published for network-ai (npm) • Jun 19, 2026

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory
Moderate • CVE-2026-53765 was published for chrome-devtools-mcp (npm) • Jun 17, 2026

Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling
Moderate • GHSA-ffr4-mrhv-vfr2 was published for openclaw (npm) • Mar 21, 2026 • withdrawn

Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Moderate • GHSA-2cwr-f5hx-gg3w was published for openclaw (npm) • Mar 19, 2026 • withdrawn

OpenClaw has agent avatar symlink traversal in gateway session metadata
Moderate • GHSA-9mph-4f7v-fmvh was published for openclaw (npm) • Mar 4, 2026

OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows
Moderate • CVE-2026-22180 was published for openclaw (npm) • Mar 3, 2026

OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
Moderate • CVE-2026-32043 was published for openclaw (npm) • Mar 3, 2026

OpenClaw's avatar symlink traversal can expose out-of-workspace local files
Moderate • CVE-2026-32024 was published for openclaw (npm) • Mar 3, 2026

OpenClaw has browser trace/download path symlink escape in temp output handling
Moderate • CVE-2026-32054 was published for openclaw (npm) • Mar 2, 2026

pnpm has symlink traversal in file:/git dependencies
Moderate • CVE-2026-24056 was published for pnpm (npm) • Jan 26, 2026

@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Moderate • CVE-2026-24047 was published for @backstage/cli-common (npm) • Jan 21, 2026

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate • CVE-2025-57749 was published for n8n (npm) • Aug 20, 2025

Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate • CVE-2023-40028 was published for ghost (npm) • Aug 15, 2023

Arbitrary File Read in Snyk Broker
Moderate • CVE-2020-7653 was published for snyk-broker (npm) • Jun 3, 2020

ProTip! Advisories are also available from the GraphQL API