GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
128 advisories
pyLoad has an Arbitrary File Write via Path Traversal in edit_package()
High | CVE-2026-29778 was published for pyload-ng (pip) | Mar 5, 2026
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI...
High | Unreviewed | CVE-2026-21659 was published | Feb 27, 2026
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality...
High | Unreviewed | CVE-2026-2818 was published | Feb 20, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability....
High | Unreviewed | CVE-2026-26362 was published | Feb 19, 2026
OpenClaw has an arbitrary transcript path file write via gateway sessionFile
High | CVE-2026-28459 was published for openclaw (npm) | Feb 17, 2026
FUXA Affected by a Path Traversal Sanitization Bypass
High | CVE-2026-25951 was published for fuxa-server (npm) | Feb 10, 2026
apko has a path traversal in apko dirFS which allows filesystem writes outside base
High | CVE-2026-25121 was published for chainguard.dev/apko (Go) | Feb 3, 2026
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2026-1022 was published | Jan 16, 2026
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
High | CVE-2025-68472 was published for MindsDB (pip) | Jan 12, 2026
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading...
High | Unreviewed | CVE-2025-67366 was published | Jan 7, 2026
PsiTransfer has Zip Slip Path Traversal via TAR Archive Download
High | GHSA-xphh-5v4r-r3rx was published for psitransfer (npm) | Dec 30, 2025
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated...
High | Unreviewed | CVE-2025-15225 was published | Dec 29, 2025
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is...
High | Unreviewed | CVE-2025-57403 was published | Dec 26, 2025
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2025-15015 was published | Dec 22, 2025
Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute...
High | Unreviewed | CVE-2025-62552 was published | Dec 9, 2025
RCE via ZipSlip and symbolic links in argoproj/argo-workflows
High | CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) | Dec 9, 2025
There is a relative path traversal vulnerability in the NI System Web Server that may result in...
High | Unreviewed | CVE-2025-12097 was published | Dec 4, 2025
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated...
High | Unreviewed | CVE-2025-13771 was published | Nov 28, 2025
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability,...
High | Unreviewed | CVE-2025-13161 was published | Nov 14, 2025
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker...
High | Unreviewed | CVE-2025-58464 was published | Nov 7, 2025
Apache Tomcat Vulnerable to Relative Path Traversal
High | CVE-2025-55752 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Oct 27, 2025
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software...
High | Unreviewed | CVE-2025-62498 was published | Oct 24, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4...
High | Unreviewed | CVE-2025-58429 was published | Oct 24, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4...
High | Unreviewed | CVE-2025-58456 was published | Oct 24, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4...
High | Unreviewed | CVE-2025-58078 was published | Oct 24, 2025
ProTip! Advisories are also available from the GraphQL API.