GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 73; GitHub Actions 53; Go 4,004; Maven 5,000+; npm 5,000+; NuGet 974; pip 5,000+; Pub 13; RubyGems 1,069; Rust 1,395; Swift 61
Unreviewed advisories: All unreviewed 5,000+
383 advisories

GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
  Severity: High. CVE-2025-52465 was published for org.geoserver.web:gs-web-app (Maven), Jun 12, 2026

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to...
  Severity: Critical (Unreviewed). CVE-2026-47643 was published Jun 9, 2026

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
  Severity: Low (Unreviewed). CVE-2025-12656 was published Jun 6, 2026

Docling Core: Insufficient validation of image reference URIs
  Severity: High. CVE-2026-44019 was published for docling-core (pip), Jun 3, 2026

Docling: Unsafe URI and Path Handling in HTML Backend
  Severity: High. CVE-2026-47214 was published for docling (pip), Jun 3, 2026

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load...
  Severity: Moderate (Unreviewed). CVE-2026-20175 was published Jun 3, 2026

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local...
  Severity: High (Unreviewed). CVE-2026-35079 was published Jun 3, 2026

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local...
  Severity: High (Unreviewed). CVE-2026-35078 was published Jun 3, 2026

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary...
  Severity: High (Unreviewed). CVE-2026-35080 was published Jun 3, 2026

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary...
  Severity: High (Unreviewed). CVE-2026-35077 was published Jun 3, 2026

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local...
  Severity: High (Unreviewed). CVE-2026-35076 was published Jun 3, 2026

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this...
  Severity: Moderate (Unreviewed). CVE-2026-10694 was published Jun 3, 2026

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an...
  Severity: Low (Unreviewed). CVE-2026-10559 was published Jun 2, 2026

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an...
  Severity: Low (Unreviewed). CVE-2026-10558 was published Jun 2, 2026

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
  Severity: Moderate. CVE-2026-47425 was published for py-rattler (pip), Jun 1, 2026

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
  Severity: High. CVE-2026-46345 was published for compliance-trestle (pip), May 28, 2026

compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
  Severity: High. CVE-2026-45725 was published for compliance-trestle (pip), May 27, 2026

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64`...
  Severity: High (Unreviewed). CVE-2026-48920 was published May 27, 2026

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in...
  Severity: Moderate (Unreviewed). CVE-2025-0898 was published May 27, 2026

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file...
  Severity: Critical (Unreviewed). CVE-2026-8450 was published May 27, 2026

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the...
  Severity: Critical (Unreviewed). CVE-2026-47357 was published May 19, 2026

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL...
  Severity: Critical (Unreviewed). CVE-2026-47358 was published May 19, 2026

HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper...
  Severity: High (Unreviewed). CVE-2026-29962 was published May 18, 2026

CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
  Severity: Moderate. CVE-2026-45139 was published for ci4-cms-erp/ci4ms (Composer), May 18, 2026

Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
  Severity: High. GHSA-rmqr-h98c-qg2m was published for phpMyFAQ/phpMyFAQ (Composer), May 15, 2026 • withdrawn