GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,483 advisories
ONNX: External Data Symlink Traversal
Moderate
CVE-2026-34447 was published for onnx (pip) Apr 1, 2026
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate
CVE-2026-34446 was published for onnx (pip) Apr 1, 2026
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an...
Moderate
Unreviewed
CVE-2026-20174 was published Apr 1, 2026
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00...
Moderate
Unreviewed
CVE-2026-27101 was published Apr 1, 2026
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged...
Moderate
Unreviewed
CVE-2026-28265 was published Apr 1, 2026
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the...
Moderate
Unreviewed
CVE-2026-5258 was published Apr 1, 2026
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Moderate
GHSA-qf48-qfv4-jjm9 was published for openclaw (npm) Mar 31, 2026
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function...
Moderate
Unreviewed
CVE-2026-5203 was published Mar 31, 2026
Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation
Moderate
CVE-2026-33027 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function...
Moderate
Unreviewed
CVE-2026-5014 was published Mar 28, 2026
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join...
Moderate
Unreviewed
CVE-2026-5013 was published Mar 28, 2026
A security vulnerability has been detected in z-9527 admin up to...
Moderate
Unreviewed
CVE-2026-4999 was published Mar 28, 2026
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the...
Moderate
Unreviewed
CVE-2026-4997 was published Mar 28, 2026
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Moderate
CVE-2026-28786 was published for open-webui (pip) Mar 27, 2026
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over...
Moderate
Unreviewed
CVE-2026-4619 was published Mar 27, 2026
When dovecot has been configured to use per-domain passwd files, and they are placed one path...
Moderate
Unreviewed
CVE-2026-0394 was published Mar 27, 2026
A malicious SCP server can send unexpected paths that could make the client application override...
Moderate
Unreviewed
CVE-2026-0964 was published Mar 26, 2026
Mattermost allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration
Moderate
CVE-2026-3112 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 26, 2026
Saloon has a Fixture Name Path Traversal Vulnerability
Moderate
CVE-2026-33183 was published for saloonphp/saloon (Composer) Mar 25, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate
Unreviewed
CVE-2026-32567 was published Mar 25, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate
Unreviewed
CVE-2026-32496 was published Mar 25, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate
Unreviewed
CVE-2026-25328 was published Mar 25, 2026
A path handling issue was addressed with improved validation. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2026-28816 was published Mar 25, 2026
GoDoxy has a Path Traversal Vulnerability in its File API
Moderate
CVE-2026-33528 was published for github.com/yusing/godoxy (Go) Mar 24, 2026
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the...
Moderate
Unreviewed
CVE-2026-4542 was published Mar 22, 2026