GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
High
CVE-2011-2765
was published
for
pyro
(pip)
Aug 21, 2018
SoSReport Predictable Tmp File Names
High
CVE-2015-7529
was published
for
sosreport
(pip)
May 13, 2022
Ansible Sandbox Escape via Symlink Attack
High
CVE-2015-6240
was published
for
ansible
(pip)
May 13, 2022
Mercurial missing symlink check
High
CVE-2017-1000115
was published
for
mercurial
(pip)
May 14, 2022
Numpy arbitrary file write via symlink attack
High
CVE-2014-1859
was published
for
numpy
(pip)
May 14, 2022
Improper Link Resolution Before File Access in logilab-commons
High
CVE-2014-1838
was published
for
logilab-common
(pip)
May 14, 2022
SaltStack Salt Insecure Temporary File Creation
High
CVE-2014-3563
was published
for
salt
(pip)
May 17, 2022
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
High
CVE-2014-1932
was published
for
pillow
(pip)
May 17, 2022
GluonCV Arbitrary File Write via TarSlip
High
CVE-2024-12216
was published
for
gluoncv
(pip)
Mar 20, 2025
Weblate has an arbitrary file read via symbolic links
High
CVE-2025-68279
was published
for
Weblate
(pip)
Dec 18, 2025
BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
High
CVE-2026-27905
was published
for
bentoml
(pip)
Mar 3, 2026
ONNX: TOCTOU arbitrary file read/write in save_external_dat
High
GHSA-q56x-g2fj-4rj6
was published
for
onnx
(pip)
Apr 1, 2026
Weblate: Arbitrary File Read via Symlink
High
CVE-2026-34242
was published
for
weblate
(pip)
Apr 16, 2026
PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
High
CVE-2026-44340
was published
for
PraisonAI
(pip)
May 11, 2026
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
High
CVE-2026-45539
was published
for
apm
(pip)
May 18, 2026
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
High
GHSA-7cx2-g3h9-382p
was published
for
crawl4ai
(pip)
Jun 16, 2026
py7zr: Arbitrary File Write Vulnerability
High
CVE-2026-23879
was published
for
py7zr
(pip)
Jun 19, 2026
ProTip!
Advisories are also available from the
GraphQL API