GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,483 advisories
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Moderate
CVE-2026-40491
was published
for
gdown
(pip)
Apr 14, 2026
Rembg has a Path Traversal via Custom Model Loading
Moderate
CVE-2026-40086
was published
for
rembg
(pip)
Apr 10, 2026
xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Moderate
GHSA-vj8v-p5vw-m6v5
was published
for
xrootd
(pip)
Apr 10, 2026
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
Moderate
CVE-2026-40152
was published
for
praisonaiagents
(pip)
Apr 10, 2026
Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Moderate
CVE-2026-35206
was published
for
helm.sh/helm/v3
(Go)
Apr 10, 2026
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Moderate
GHSA-766v-q9x3-g744
was published
for
praisonaiagents
(pip)
Apr 8, 2026
quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class
Moderate
CVE-2026-40180
was published
for
io.quarkiverse.openapi.generator:quarkus-openapi-generator
(Maven)
Apr 8, 2026
LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read
Moderate
CVE-2026-39859
was published
for
liquidjs
(npm)
Apr 8, 2026
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
Moderate
CVE-2026-39844
was published
for
nicegui
(pip)
Apr 8, 2026
Hono: Path traversal in toSSG() allows writing files outside the output directory
Moderate
CVE-2026-39408
was published
for
hono
(npm)
Apr 8, 2026
ProTip!
Advisories are also available from the
GraphQL API