GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

322 advisories

gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall Moderate
CVE-2026-40491 was published for gdown (pip) Apr 14, 2026
Credited to redyank, dyingman1, drkim-dev, and HiHyeonji
excel-mcp-server has a Path Traversal issue Critical
CVE-2026-40576 was published for excel-mcp-server (pip) Apr 14, 2026
Credited to hits313
gramps-webapi: Zip Slip Path Traversal in Media Archive Import Critical
CVE-2026-40258 was published for gramps-webapi (pip) Apr 10, 2026
Credited to srisowmya2000
Rembg has a Path Traversal via Custom Model Loading Moderate
CVE-2026-40086 was published for rembg (pip) Apr 10, 2026
Credited to yueyueL
Credited to Rydzz7 and abh3
uv vulnerable to arbitrary file deletion through RECORD entries Low
GHSA-pjjw-68hj-v9mw was published for uv (pip) Apr 10, 2026
Credited to konstin, zanieb, woodruffw, EliteTK, and CodeByMoriarty
PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack` Critical
CVE-2026-40157 was published for PraisonAI (pip) Apr 10, 2026
Credited to Mundi-Xu
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary Moderate
CVE-2026-40152 was published for praisonaiagents (pip) Apr 10, 2026
Credited to offset
AGiXT Vulnerable to Path Traversal in safe_join() High
CVE-2026-39981 was published for agixt (pip) Apr 8, 2026
Credited to YeranG30
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling Moderate
GHSA-766v-q9x3-g744 was published for praisonaiagents (pip) Apr 8, 2026
Credited to offset
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows Moderate
CVE-2026-39844 was published for nicegui (pip) Apr 8, 2026
Credited to offset, evnchn, and falkoschindler
Emmett has a path traversal in internal assets handler Critical
CVE-2026-39847 was published for emmett (pip) Apr 8, 2026
pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass Moderate
CVE-2026-35592 was published for pyload-ng (pip) Apr 8, 2026
Credited to offset
PraisonAI Has Path Traversal in FileTools Critical
CVE-2026-35615 was published for PraisonAI (pip) Apr 6, 2026
Credited to kritsana-chaikaew
PraisonAI recipe registry publish path traversal allows out-of-root file write High
CVE-2026-39308 was published for PraisonAI (pip) Apr 6, 2026
Credited to R1ZZG0D
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory High
CVE-2026-39306 was published for PraisonAI (pip) Apr 6, 2026
Credited to R1ZZG0D
PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator Critical
CVE-2026-39305 was published for PraisonAI (pip) Apr 6, 2026
Credited to liyander
PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction High
CVE-2026-39307 was published for PraisonAI (pip) Apr 6, 2026
Credited to liyander
kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write Moderate
CVE-2026-35492 was published for kedro-datasets (pip) Apr 6, 2026
Credited to redyank
Kedro: Path Traversal in versioned dataset loading via unsanitized version string High
CVE-2026-35167 was published for kedro (pip) Apr 3, 2026
ONNX: TOCTOU arbitrary file read/write in save_external_dat High
GHSA-q56x-g2fj-4rj6 was published for onnx (pip) Apr 1, 2026
Credited to tsigouris007 and kpatsakis
Credited to evipepota and sisp
Copier `_subdirectory` allows template root escape via parent-directory traversal Moderate
CVE-2026-34726 was published for copier (pip) Apr 1, 2026
Credited to evipepota and sisp
Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write High
CVE-2026-34591 was published for poetry (pip) Apr 1, 2026
Credited to bekkaze and radoering
ONNX: External Data Symlink Traversal Moderate
CVE-2026-34447 was published for onnx (pip) Apr 1, 2026
Credited to jayashwaS