Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server High
GHSA-7cx2-g3h9-382p was published for crawl4ai (pip) Jun 16, 2026
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree High
CVE-2026-45539 was published for apm (pip) May 18, 2026
thesmartshadow Credited to thesmartshadow
PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` High
CVE-2026-44340 was published for PraisonAI (pip) May 11, 2026
DHIRAL2908 Credited to DHIRAL2908
Weblate: Arbitrary File Read via Symlink High
CVE-2026-34242 was published for weblate (pip) Apr 16, 2026
DavidCarliez Credited to DavidCarliez
ONNX: TOCTOU arbitrary file read/write in save_external_dat High
GHSA-q56x-g2fj-4rj6 was published for onnx (pip) Apr 1, 2026
tsigouris007 Credited to tsigouris007 and kpatsakis kpatsakis kpatsakis
BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction High
CVE-2026-27905 was published for bentoml (pip) Mar 3, 2026
q1uf3ng Credited to q1uf3ng
Weblate has an arbitrary file read via symbolic links High
CVE-2025-68279 was published for Weblate (pip) Dec 18, 2025
secjson Credited to secjson and nijel nijel nijel
GluonCV Arbitrary File Write via TarSlip High
CVE-2024-12216 was published for gluoncv (pip) Mar 20, 2025
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles High
CVE-2014-1932 was published for pillow (pip) May 17, 2022
SaltStack Salt Insecure Temporary File Creation High
CVE-2014-3563 was published for salt (pip) May 17, 2022
Improper Link Resolution Before File Access in logilab-commons High
CVE-2014-1838 was published for logilab-common (pip) May 14, 2022
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1 Credited to jhutchings1
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
Ansible Sandbox Escape via Symlink Attack High
CVE-2015-6240 was published for ansible (pip) May 13, 2022
SoSReport Predictable Tmp File Names High
CVE-2015-7529 was published for sosreport (pip) May 13, 2022
Link Following in ansible High
CVE-2016-3096 was published for ansible (pip) Oct 10, 2018
Pyro mishandles pid files in temporary directory locations and opening the pid file as root High
CVE-2011-2765 was published for pyro (pip) Aug 21, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database