GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
327 advisories
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform...
Moderate | Unreviewed | CVE-2026-47287 was published Jun 9, 2026

Source controller: Improper path handling allows traversal
Moderate | CVE-2026-47680 was published for github.com/fluxcd/source-controller (Go) Jun 5, 2026

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during...
Moderate | Unreviewed | CVE-2026-48681 was published Jun 4, 2026

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root...
Moderate | Unreviewed | CVE-2026-5422 was published Jun 2, 2026

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2026-10073 was published May 29, 2026

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged...
Moderate | Unreviewed | CVE-2026-10074 was published May 29, 2026

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows...
Critical | Unreviewed | CVE-2026-8326 was published May 29, 2026

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500...
High | Unreviewed | CVE-2025-41280 was published May 29, 2026

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in...
High | Unreviewed | CVE-2025-41271 was published May 29, 2026

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in...
High | Unreviewed | CVE-2025-41268 was published May 29, 2026

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users...
High | Unreviewed | CVE-2025-48977 was published May 28, 2026

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path...
High | Unreviewed | CVE-2026-8361 was published May 27, 2026

XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
Critical | CVE-2026-23734 was published for org.xwiki.commons:xwiki-commons-classloader-api (Maven) May 26, 2026

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the...
Critical | Unreviewed | CVE-2026-8134 was published May 21, 2026

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre...
Moderate | Unreviewed | CVE-2026-34926 was published May 21, 2026

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is...
High | Unreviewed | CVE-2026-8073 was published May 19, 2026

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated...
Critical | Unreviewed | CVE-2026-41948 was published May 18, 2026

A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a...
Critical | Unreviewed | CVE-2026-41551 was published May 12, 2026

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS...
Moderate | Unreviewed | CVE-2026-8209 was published May 9, 2026

Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin...
Moderate | Unreviewed | CVE-2026-29201 was published May 8, 2026

django-s3file is vulnerable to relative path traversal
Critical | CVE-2026-42196 was published for django-s3file (pip) May 5, 2026

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2026-43616 was published May 4, 2026

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
High | Unreviewed | CVE-2026-22070 was published Apr 30, 2026

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Moderate | CVE-2026-42085 was published for openc3 (RubyGems) Apr 22, 2026

nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
Moderate | CVE-2026-39378 was published for nbconvert (pip) Apr 21, 2026