GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE` (Moderate)
GHSA-5cxw-w2xg-2m8h was published for fickling (pip) Mar 13, 2026
Credited to mldangelo

Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked (High)
GHSA-wccx-j62j-r448 was published for fickling (pip) Mar 4, 2026
Credited to mldangelo

pnpm has symlink traversal in file:/git dependencies (Moderate)
CVE-2026-24056 was published for pnpm (npm) Jan 26, 2026
Credited to mldangelo

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin (Moderate)
CVE-2026-23890 was published for pnpm (npm) Jan 26, 2026
Credited to mldangelo

pnpm has Windows-specific tarball Path Traversal (Moderate)
CVE-2026-23889 was published for pnpm (npm) Jan 26, 2026
Credited to mldangelo

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip) (Moderate)
CVE-2026-23888 was published for pnpm (npm) Jan 26, 2026
Credited to mldangelo and mgol

pnpm has Path Traversal via arbitrary file permission modification (Moderate)
CVE-2026-24131 was published for pnpm (npm) Jan 26, 2026
Credited to mldangelo

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist (High)
CVE-2026-22609 was published for fickling (pip) Jan 9, 2026
Credited to mldangelo