GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,315 advisories
Contrast Affected by CopyFile Policy Subversion via Symlinks
High. GHSA-rh99-wc69-c255 was published for github.com/edgelesssys/contrast (Go), Apr 30, 2026.

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1...
High, Unreviewed. CVE-2026-41882 was published Apr 30, 2026.

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function...
Low, Unreviewed. CVE-2026-7397 was published Apr 29, 2026.

Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution...
Moderate, Unreviewed. CVE-2026-27105 was published Apr 29, 2026.

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
High, Unreviewed. CVE-2026-5161 was published Apr 29, 2026.

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload...
High, Unreviewed. CVE-2026-41364 was published Apr 28, 2026.

When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write...
Moderate, Unreviewed. CVE-2026-40977 was published Apr 28, 2026.

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that...
Moderate, Unreviewed. CVE-2026-6941 was published Apr 23, 2026.

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary...
High, Unreviewed. CVE-2026-33694 was published Apr 23, 2026.

uutils coreutils has a Link Following Issue Via rm Utility
Moderate. CVE-2026-35349 was published for coreutils (Rust), Apr 22, 2026.

uutils coreutils has a Link Following issue
Moderate. CVE-2026-35359 was published for coreutils (Rust), Apr 22, 2026.

uutils coreutils has a Link Following issue
Moderate. CVE-2026-35365 was published for coreutils (Rust), Apr 22, 2026.

uutils coreutils has a Link Following Issue
Moderate. CVE-2026-35345 was published for coreutils (Rust), Apr 22, 2026.

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Moderate. CVE-2026-28684 was published for python-dotenv (pip), Apr 21, 2026.

OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
High. CVE-2026-41433 was published for go.opentelemetry.io/obi (Go), Apr 17, 2026.

Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing
High. CVE-2026-40931 was published for compressing (npm), Apr 17, 2026.

Weblate: Arbitrary File Read via Symlink
High. CVE-2026-34242 was published for weblate (pip), Apr 16, 2026.

Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron
High. CVE-2026-41231 was published for froxlor/froxlor (Composer), Apr 16, 2026.

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated,...
Moderate, Unreviewed. CVE-2026-20161 was published Apr 15, 2026.

During an internal security assessment, a potential vulnerability was discovered in Lenovo...
Moderate, Unreviewed. CVE-2026-4135 was published Apr 15, 2026.

During an internal security assessment, a potential vulnerability was discovered in Lenovo...
Moderate, Unreviewed. CVE-2026-0827 was published Apr 15, 2026.

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp...
Moderate, Unreviewed. CVE-2026-32212 was published Apr 14, 2026.

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in...
Moderate, Unreviewed. CVE-2026-32282 was published Apr 8, 2026.

OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
High. CVE-2026-41397 was published for openclaw (npm), Apr 3, 2026.

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia...
High, Unreviewed. CVE-2025-43257 was published Apr 2, 2026.