GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,760
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+
201 advisories
uv vulnerable to arbitrary file deletion through RECORD entries
Low
GHSA-pjjw-68hj-v9mw
was published
for
uv
(pip)
Apr 10, 2026
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Low
CVE-2026-33529
was published
for
github.com/tobychui/zoraxy
(Go)
Mar 25, 2026
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all...
Low
Unreviewed
CVE-2026-3339
was published
Mar 21, 2026
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
Low
Unreviewed
CVE-2026-3479
was published
Mar 18, 2026
Vaadin: Specially crafted ZIP archives can escape the intended extraction directory
Low
CVE-2026-2741
was published
for
com.vaadin:flow-project
(Maven)
Mar 10, 2026
dbt-common's commonprefix() doesn't protect against path traversal
Low
CVE-2026-29790
was published
for
dbt-common
(pip)
Mar 5, 2026
Backstage vulnerable to potential reading of SCM URLs using built in token
Low
CVE-2026-29185
was published
for
@backstage/integration
(npm)
Mar 5, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Low
CVE-2026-32020
was published
for
openclaw
(npm)
Mar 2, 2026
A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an...
Low
Unreviewed
CVE-2026-3405
was published
Mar 2, 2026
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling...
Low
Unreviewed
CVE-2026-22877
was published
Feb 27, 2026
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the...
Low
Unreviewed
CVE-2026-26228
was published
Feb 26, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud...
Low
Unreviewed
CVE-2026-20137
was published
Feb 18, 2026
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to...
Low
Unreviewed
CVE-2026-2419
was published
Feb 18, 2026
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker...
Low
Unreviewed
CVE-2026-22894
was published
Feb 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker...
Low
Unreviewed
CVE-2025-66278
was published
Feb 11, 2026
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker...
Low
Unreviewed
CVE-2025-68406
was published
Feb 11, 2026
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker...
Low
Unreviewed
CVE-2025-58470
was published
Feb 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker...
Low
Unreviewed
CVE-2025-62856
was published
Feb 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker...
Low
Unreviewed
CVE-2025-62855
was published
Feb 11, 2026
Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files...
Low
Unreviewed
CVE-2025-61654
was published
Feb 3, 2026
Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program...
Low
Unreviewed
CVE-2025-61653
was published
Feb 3, 2026
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program...
Low
Unreviewed
CVE-2025-61658
was published
Feb 3, 2026
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program...
Low
Unreviewed
CVE-2025-61649
was published
Feb 3, 2026
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low
Unreviewed
CVE-2025-61646
was published
Feb 3, 2026
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low
Unreviewed
CVE-2025-61641
was published
Feb 3, 2026
ProTip! Advisories are also available from the GraphQL API.