GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
8,632 advisories
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-12089
was published
Jun 13, 2026
Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability...
Moderate
Unreviewed
CVE-2026-11442
was published
Jun 13, 2026
OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest...
High
Unreviewed
CVE-2026-53825
was published
Jun 13, 2026
File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
Moderate
CVE-2026-54093
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
Moderate
CVE-2026-54094
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The...
Moderate
Unreviewed
CVE-2026-54394
was published
Jun 12, 2026
esbuild allows arbitrary file read when running the development server on Windows
Low
GHSA-g7r4-m6w7-qqqr
was published
for
esbuild
(npm)
Jun 12, 2026
TYPO3 CMS has Broken Access Control in its Media Module
High
CVE-2026-49742
was published
for
typo3/cms-core
(Composer)
Jun 12, 2026
TYPO3 CMS has Broken Access Control in its File Abstraction Layer
Low
CVE-2026-49738
was published
for
typo3/cms-core
(Composer)
Jun 12, 2026
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
High
Unreviewed
CVE-2026-6961
was published
Jun 12, 2026
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing...
High
Unreviewed
CVE-2026-3840
was published
Jun 12, 2026
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File...
Moderate
Unreviewed
CVE-2026-11844
was published
Jun 12, 2026
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path...
Moderate
Unreviewed
CVE-2026-11847
was published
Jun 12, 2026
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary...
High
Unreviewed
CVE-2026-11846
was published
Jun 12, 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found...
High
Unreviewed
CVE-2026-47368
was published
Jun 12, 2026
Incomplete input validation and improperly configured folder permissions within Idira Privileged...
Critical
Unreviewed
CVE-2026-45171
was published
Jun 12, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate
Unreviewed
CVE-2025-24268
was published
Jun 11, 2026
WsgiDAV encoded dot segments can escape filesystem share roots
High
CVE-2026-48099
was published
for
wsgidav
(pip)
Jun 11, 2026
@hapi/inert has a static-file confinement bypass via sibling-prefix path
Moderate
CVE-2026-48049
was published
for
@hapi/inert
(npm)
Jun 11, 2026
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction...
High
Unreviewed
CVE-2026-11816
was published
Jun 11, 2026
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows...
High
Unreviewed
CVE-2026-8464
was published
Jun 11, 2026
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client...
High
Unreviewed
CVE-2026-40987
was published
Jun 11, 2026
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on...
Moderate
Unreviewed
CVE-2026-0270
was published
Jun 11, 2026
PDM wheel installation leads to Path Traversal via overridden write_to_fs
High
CVE-2026-47764
was published
for
pdm
(pip)
Jun 10, 2026
Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion
High
CVE-2026-47253
was published
for
github.com/julien040/anyquery
(Go)
Jun 10, 2026