Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

8,632 advisories

Loading
The system Binder boundary accepts unverified pass-through AT commands, giving local applications... High Unreviewed
CVE-2026-50207 was published Jun 4, 2026
browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server High
CVE-2026-49144 was published for browserstack-runner (npm) Jun 3, 2026
Christbowel Credited to Christbowel
Docling Core: Unsafe remote filename resolution High
CVE-2026-44023 was published for docling-core (pip) Jun 3, 2026
brodmart Credited to brodmart
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands Moderate
CVE-2026-44022 was published for docling (pip) Jun 3, 2026
brodmart Credited to brodmart
Docling: Unsafe Zip Extraction in EasyOCR Model Download High
CVE-2026-44017 was published for docling (pip) Jun 3, 2026
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability... Moderate Unreviewed
CVE-2024-47263 was published Jun 3, 2026
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability... Moderate Unreviewed
CVE-2024-47273 was published Jun 3, 2026
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local... High Unreviewed
CVE-2026-35082 was published Jun 3, 2026
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136... Moderate Unreviewed
CVE-2026-35718 was published Jun 2, 2026
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of... Low Unreviewed
CVE-2025-7039 was published Jun 2, 2026
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device... Moderate Unreviewed
CVE-2026-0055 was published Jun 2, 2026
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability... High Unreviewed
CVE-2026-49136 was published Jun 1, 2026
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio... High Unreviewed
CVE-2026-43624 was published Jun 1, 2026
A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function... Low Unreviewed
CVE-2026-10278 was published Jun 1, 2026
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing... Moderate Unreviewed
CVE-2026-8643 was published Jun 1, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2026-42679 was published Jun 1, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2026-48866 was published Jun 1, 2026
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is... Low Unreviewed
CVE-2026-10264 was published Jun 1, 2026
rattler has an entry-point path traversal in noarch:python install (arbitrary file write) Moderate
CVE-2026-47425 was published for py-rattler (pip) Jun 1, 2026
berkant-koc Credited to berkant-koc
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git... High Unreviewed
CVE-2026-48827 was published Jun 1, 2026
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is... Moderate Unreviewed
CVE-2026-40547 was published Jun 1, 2026
A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects... Low Unreviewed
CVE-2026-10213 was published Jun 1, 2026
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php... High Unreviewed
CVE-2018-25408 was published May 30, 2026
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to... High Unreviewed
CVE-2018-25421 was published May 30, 2026
PraisonAI has an Arbitrary File Write in Python API High
CVE-2026-47397 was published for PraisonAI (pip) May 29, 2026
Ruoyyy Credited to Ruoyyy
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database