GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
95 advisories
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
High
CVE-2026-35525
was published
for
liquidjs
(npm)
Apr 8, 2026
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
Moderate
GHSA-fv94-qvg8-xqpw
was published
for
openclaw
(npm)
Apr 2, 2026
ONNX: External Data Symlink Traversal
Moderate
CVE-2026-34447
was published
for
onnx
(pip)
Apr 1, 2026
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate
CVE-2026-34446
was published
for
onnx
(pip)
Apr 1, 2026
onnx Vulnerable to Path Traversal via Symlink
High
CVE-2026-27489
was published
for
onnx
(pip)
Mar 31, 2026
Incus vulnerable to local privilege escalation through VM screenshot path
Moderate
CVE-2026-33711
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
High
GHSA-7xr2-q9vf-x4r5
was published
for
openclaw
(npm)
Mar 26, 2026
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks
Moderate
CVE-2026-33056
was published
for
tar
(Rust)
Mar 20, 2026
Jenkins has a link following vulnerability allows arbitrary file creation
High
CVE-2026-33001
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 18, 2026
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Moderate
CVE-2026-23986
was published
for
copier
(pip)
Jan 21, 2026
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Moderate
CVE-2026-23968
was published
for
copier
(pip)
Jan 21, 2026
Static Web Server vulnerable to a symbolic link path traversal
Moderate
CVE-2025-67487
was published
for
static-web-server
(Rust)
Dec 8, 2025
ProTip!
Advisories are also available from the
GraphQL API