GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
906 advisories
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote...
Critical · Unreviewed · CVE-2026-20180 was published Apr 15, 2026
A malicious actor with access to the UniFi Play network could exploit a Path Traversal...
Critical · Unreviewed · CVE-2026-22562 was published Apr 14, 2026
excel-mcp-server has a Path Traversal issue
Critical · CVE-2026-40576 was published for excel-mcp-server (pip) Apr 14, 2026
Daptin has Unauthenticated Path Traversal and Zip Slip
Critical · GHSA-9cp7-j3f8-p5jx was published for github.com/daptin/daptin (Go) Apr 10, 2026
gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Critical · CVE-2026-40258 was published for gramps-webapi (pip) Apr 10, 2026
PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`
Critical · CVE-2026-40157 was published for PraisonAI (pip) Apr 10, 2026
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file...
Critical · Unreviewed · CVE-2026-6057 was published Apr 10, 2026
Emmett has a path traversal in internal assets handler
Critical · CVE-2026-39847 was published for emmett (pip) Apr 8, 2026
PraisonAI Has Path Traversal in FileTools
Critical · CVE-2026-35615 was published for PraisonAI (pip) Apr 6, 2026
PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator
Critical · CVE-2026-39305 was published for PraisonAI (pip) Apr 6, 2026
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin...
Critical · Unreviewed · CVE-2019-25687 was published Apr 5, 2026
goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Critical · CVE-2026-35471 was published for github.com/patrickhener/goshs (Go) Apr 3, 2026
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal...
Critical · Unreviewed · CVE-2026-28373 was published Apr 3, 2026
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
Critical · CVE-2026-35393 was published for github.com/patrickhener/goshs (Go) Apr 3, 2026
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
Critical · CVE-2026-35392 was published for github.com/patrickhener/goshs (Go) Apr 3, 2026
An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows...
Critical · Unreviewed · CVE-2026-30285 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77...
Critical · Unreviewed · CVE-2026-30282 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows...
Critical · Unreviewed · CVE-2026-30286 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows...
Critical · Unreviewed · CVE-2026-30278 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3...
Critical · Unreviewed · CVE-2026-30283 was published Mar 31, 2026
Incus has an arbitrary file write through its systemd-creds options
Critical · CVE-2026-33945 was published for github.com/lxc/incus/v6 (Go) Mar 27, 2026
SiYuan has directory traversal within its publishing service
Critical · CVE-2026-33670 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 25, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation....
Critical · Unreviewed · CVE-2026-28827 was published Mar 25, 2026
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and...
Critical · Unreviewed · CVE-2026-20688 was published Mar 25, 2026
Langflow has an Arbitrary File Write (RCE) via v2 API
Critical · CVE-2026-33309 was published for langflow (pip) Mar 19, 2026