GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,178 advisories
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote...
Critical | Unreviewed | CVE-2026-20180 was published Apr 15, 2026

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to...
Moderate | Unreviewed | CVE-2026-20148 was published Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a...
High | Unreviewed | CVE-2026-34619 was published Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a...
High | Unreviewed | CVE-2026-27305 was published Apr 15, 2026

WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters
Moderate | GHSA-m63r-m9jh-3vc6 was published for wwbn/avideo (Composer) Apr 14, 2026

WWBN AVideo has an incomplete fix for CVE-2026-33293: Path Traversal
Moderate | GHSA-5879-4fmr-xwf2 was published for wwbn/avideo (Composer) Apr 14, 2026

WWBN AVideo has a Path Traversal in Locale Save Endpoint Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)
High | GHSA-6rc6-p838-686f was published for wwbn/avideo (Composer) Apr 14, 2026

Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
High | CVE-2026-40090 was published for github.com/zarf-dev/zarf (Go) Apr 14, 2026

SFTP root escape via prefix-based path validation in goshs
High | GHSA-5h6h-7rc9-3824 was published for github.com/patrickhener/goshs (Go) Apr 14, 2026

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in...
Moderate | Unreviewed | CVE-2026-25691 was published Apr 14, 2026

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
Moderate | Unreviewed | CVE-2026-2399 was published Apr 14, 2026

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability...
Moderate | Unreviewed | CVE-2026-22573 was published Apr 14, 2026

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability...
Moderate | Unreviewed | CVE-2025-68649 was published Apr 14, 2026

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22]...
Moderate | Unreviewed | CVE-2025-61624 was published Apr 14, 2026

Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code
Moderate | CVE-2026-33929 was published for org.apache.pdfbox:pdfbox-examples (Maven) Apr 14, 2026

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name`...
High | Unreviewed | CVE-2026-6227 was published Apr 14, 2026

gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Moderate | GHSA-76hw-p97h-883f was published for gdown (pip) Apr 14, 2026

A malicious actor with access to the UniFi Play network could exploit a Path Traversal...
Critical | Unreviewed | CVE-2026-22562 was published Apr 14, 2026

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server
Critical | GHSA-j98m-w3xp-9f56 was published for excel-mcp-server (pip) Apr 14, 2026

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows...
Moderate | Unreviewed | CVE-2026-3689 was published Apr 11, 2026

Daptin has Unauthenticated Path Traversal and Zip Slip
Critical | GHSA-9cp7-j3f8-p5jx was published for github.com/daptin/daptin (Go) Apr 10, 2026

gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Critical | CVE-2026-40258 was published for gramps-webapi (pip) Apr 10, 2026

Rembg has a Path Traversal via Custom Model Loading
Moderate | CVE-2026-40086 was published for rembg (pip) Apr 10, 2026

xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Moderate | GHSA-vj8v-p5vw-m6v5 was published for xrootd (pip) Apr 10, 2026

uv vulnerable to arbitrary file deletion through RECORD entries
Low | GHSA-pjjw-68hj-v9mw was published for uv (pip) Apr 10, 2026