GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Incus has an arbitrary file write on its client due to trusted image hash
Critical
CVE-2026-48769
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an argument injection in backup compression algorithm leading to AFW and ACE
Critical
CVE-2026-48755
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file write via path traversal in S3 multipart upload
Critical
CVE-2026-48753
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has arbitrary file read+write on host via templates/ symlink in malicious image
Critical
CVE-2026-48752
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has a restricted project bypass leading to arbitrary command execution
Critical
CVE-2026-48751
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file write on host via `exec-output` symlink in crafted image
Critical
CVE-2026-48750
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
Critical
CVE-2026-48749
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
ProTip!
Advisories are also available from the
GraphQL API