GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Credited to sondt99
Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory Moderate
CVE-2026-53765 was published for chrome-devtools-mcp (npm) Jun 17, 2026
Credited to enable7997
Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling Moderate
GHSA-ffr4-mrhv-vfr2 was published for openclaw (npm) Mar 21, 2026 withdrawn
Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace Moderate
GHSA-2cwr-f5hx-gg3w was published for openclaw (npm) Mar 19, 2026 withdrawn
OpenClaw has agent avatar symlink traversal in gateway session metadata Moderate
GHSA-9mph-4f7v-fmvh was published for openclaw (npm) Mar 4, 2026
OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows Moderate
CVE-2026-22180 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host Moderate
CVE-2026-32043 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw's avatar symlink traversal can expose out-of-workspace local files Moderate
CVE-2026-32024 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw has browser trace/download path symlink escape in temp output handling Moderate
CVE-2026-32054 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
pnpm has symlink traversal in file:/git dependencies Moderate
CVE-2026-24056 was published for pnpm (npm) Jan 26, 2026
Credited to mldangelo
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass Moderate
CVE-2026-24047 was published for @backstage/cli-common (npm) Jan 21, 2026
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Credited to Mahmoud0x00
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
Credited to ixSly
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7653 was published for snyk-broker (npm) Jun 3, 2020