Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

172 advisories

Loading
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. High Unreviewed
CVE-2026-52707 was published Jun 17, 2026
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. High Unreviewed
CVE-2026-49112 was published Jun 15, 2026
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. Critical Unreviewed
CVE-2026-52703 was published Jun 15, 2026
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. High Unreviewed
CVE-2026-42661 was published Jun 15, 2026
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service... Moderate Unreviewed
CVE-2026-24315 was published Jun 9, 2026
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft... Critical Unreviewed
CVE-2026-40128 was published Jun 9, 2026
A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing... Critical Unreviewed
CVE-2026-6074 was published Apr 23, 2026
SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability Critical
CVE-2026-7302 was published for sglang (pip) May 18, 2026
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability High Unreviewed
CVE-2026-45495 was published May 18, 2026
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently ... High Unreviewed
CVE-2026-44933 was published May 20, 2026
The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated... High Unreviewed
CVE-2022-3693 was published Jan 13, 2023
The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before... High Unreviewed
CVE-2022-2265 was published Sep 22, 2022
Rancher Extensions have arbitrary file access via path traversal High
CVE-2026-25705 was published for github.com/rancher/rancher (Go) May 7, 2026
KoreaSecurity Credited to KoreaSecurity and Proscan-one Proscan-one Proscan-one
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may... High Unreviewed
CVE-2026-42930 was published May 13, 2026
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed... Moderate Unreviewed
CVE-2026-24464 was published May 13, 2026
Heimdall has an authorization bypass via path normalization mismatch High
CVE-2026-42274 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal... Moderate Unreviewed
CVE-2026-0804 was published May 12, 2026
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an... High Unreviewed
CVE-2026-20034 was published May 6, 2026
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with... Moderate Unreviewed
CVE-2026-0205 was published Apr 29, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-49405 was published Aug 28, 2025
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify... Moderate Unreviewed
CVE-2024-12088 was published Jan 14, 2025
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc... Moderate Unreviewed
CVE-2024-12087 was published Jan 14, 2025
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5481 was published Jun 7, 2024
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged... Moderate Unreviewed
CVE-2026-28265 was published Apr 1, 2026
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue... High Unreviewed
CVE-2024-56055 was published Dec 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database