GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
79 advisories
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
High | Unreviewed | CVE-2026-52707 was published Jun 17, 2026

Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
High | Unreviewed | CVE-2026-49112 was published Jun 15, 2026

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
High | Unreviewed | CVE-2026-42661 was published Jun 15, 2026

`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently ...
High | Unreviewed | CVE-2026-44933 was published May 20, 2026

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
High | Unreviewed | CVE-2026-45495 was published May 18, 2026

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may...
High | Unreviewed | CVE-2026-42930 was published May 13, 2026

Rancher Extensions have arbitrary file access via path traversal
High | CVE-2026-25705 was published for github.com/rancher/rancher (Go) May 7, 2026

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an...
High | Unreviewed | CVE-2026-20034 was published May 6, 2026

Heimdall has an authorization bypass via path normalization mismatch
High | CVE-2026-42274 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file...
High | Unreviewed | CVE-2026-25397 was published Mar 25, 2026

The Access Manager is using the open source web server CompactWebServer written in C#. This web...
High | Unreviewed | CVE-2025-59099 was published Jan 26, 2026

Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This...
High | Unreviewed | CVE-2025-67914 was published Jan 8, 2026

'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
High | Unreviewed | CVE-2025-64676 was published Dec 19, 2025

A low privileged remote attacker can upload a new or overwrite an existing python script by using...
High | Unreviewed | CVE-2025-41736 was published Nov 18, 2025

Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner...
High | Unreviewed | CVE-2025-58972 was published Nov 6, 2025

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka...
High | Unreviewed | CVE-2025-48090 was published Nov 6, 2025

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote...
High | Unreviewed | CVE-2025-53880 was published Oct 30, 2025

Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows...
High | Unreviewed | CVE-2025-48317 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2025-49405 was published Aug 28, 2025

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to...
High | Unreviewed | CVE-2025-8088 was published Aug 8, 2025

Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue...
High | Unreviewed | CVE-2025-52805 was published Jul 4, 2025

Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme...
High | Unreviewed | CVE-2025-52811 was published Jun 27, 2025

Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion....
High | Unreviewed | CVE-2025-52810 was published Jun 27, 2025

Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery ...
High | Unreviewed | CVE-2025-49451 was published Jun 17, 2025

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
High | Unreviewed | CVE-2025-47176 was published Jun 10, 2025