GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
288 advisories
pyLoad has an Arbitrary File Write via Path Traversal in edit_package()
High | CVE-2026-29778 was published for pyload-ng (pip) | Mar 5, 2026

Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI...
High | Unreviewed | CVE-2026-21659 was published | Feb 27, 2026

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality...
High | Unreviewed | CVE-2026-2818 was published | Feb 20, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability....
High | Unreviewed | CVE-2026-26362 was published | Feb 19, 2026

OpenClaw has an arbitrary transcript path file write via gateway sessionFile
High | CVE-2026-28459 was published for openclaw (npm) | Feb 17, 2026

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote...
Low | Unreviewed | CVE-2025-58467 was published | Feb 11, 2026

A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue...
Low | Unreviewed | CVE-2026-1762 was published | Feb 10, 2026

FUXA Affected by a Path Traversal Sanitization Bypass
High | CVE-2026-25951 was published for fuxa-server (npm) | Feb 10, 2026

It was possible to improperly access the parent directory of an os.Root by opening a filename...
Low | Unreviewed | CVE-2025-22873 was published | Feb 5, 2026

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Critical | CVE-2025-62878 was published for github.com/rancher/local-path-provisioner (Go) | Feb 4, 2026

apko has a path traversal in apko dirFS which allows filesystem writes outside base
High | CVE-2026-25121 was published for chainguard.dev/apko (Go) | Feb 3, 2026

vlt Mishandles Path Sanitization for tar
Moderate | CVE-2026-24909 was published for @vltpkg/tar (npm) | Jan 28, 2026

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Moderate | CVE-2026-23888 was published for pnpm (npm) | Jan 26, 2026

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin
Moderate | CVE-2026-23890 was published for pnpm (npm) | Jan 26, 2026

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2026-1022 was published | Jan 16, 2026

MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
High | CVE-2025-68472 was published for MindsDB (pip) | Jan 12, 2026

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading...
High | Unreviewed | CVE-2025-67366 was published | Jan 7, 2026

PsiTransfer has Zip Slip Path Traversal via TAR Archive Download
High | GHSA-xphh-5v4r-r3rx was published for psitransfer (npm) | Dec 30, 2025

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated...
High | Unreviewed | CVE-2025-15225 was published | Dec 29, 2025

Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged...
Moderate | Unreviewed | CVE-2025-66737 was published | Dec 26, 2025

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is...
High | Unreviewed | CVE-2025-57403 was published | Dec 26, 2025

Enterprise Cloud Database developed by Ragic has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2025-15015 was published | Dec 22, 2025

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute...
High | Unreviewed | CVE-2025-62552 was published | Dec 9, 2025

RCE via ZipSlip and symbolic links in argoproj/argo-workflows
High | CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) | Dec 9, 2025

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from...
Moderate | Unreviewed | CVE-2016-20023 was published | Dec 5, 2025
ProTip! Advisories are also available from the GraphQL API.