GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,606
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,831
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
132 advisories
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
  Moderate. CVE-2026-39377 was published for nbconvert (pip) on Apr 21, 2026
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result...
  Moderate, Unreviewed. CVE-2026-41389 was published on Apr 20, 2026
Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath
  Moderate. GHSA-3pw3-v88x-xj24 was published for @paperclipai/shared (npm) on Apr 16, 2026
Rembg has a Path Traversal via Custom Model Loading
  Moderate. CVE-2026-40086 was published for rembg (pip) on Apr 10, 2026
A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an...
  Moderate, Unreviewed. CVE-2026-5210 was published on Mar 31, 2026
Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation
  Moderate. CVE-2026-33027 was published for github.com/0xJacky/Nginx-UI (Go) on Mar 30, 2026
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to...
  Moderate, Unreviewed. CVE-2019-25618 was published on Mar 22, 2026
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,...
  Moderate, Unreviewed. CVE-2026-2351 was published on Mar 21, 2026
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected...
  Moderate, Unreviewed. CVE-2026-25605 was published on Mar 10, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path...
  Moderate, Unreviewed. CVE-2026-26361 was published on Feb 19, 2026
OpenClaw hardened the skill download target directory validation
  Moderate. CVE-2026-27008 was published for openclaw (npm) on Feb 18, 2026
An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95...
  Moderate, Unreviewed. CVE-2025-69621 was published on Feb 4, 2026
LobeHub Vulnerable to Improper Authorization in Presigned Upload
  Moderate. CVE-2026-23835 was published for @lobehub/chat (npm) on Feb 1, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
  Moderate, Unreviewed. CVE-2026-20925 was published on Jan 13, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
  Moderate, Unreviewed. CVE-2026-20872 was published on Jan 13, 2026
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all...
  Moderate, Unreviewed. CVE-2025-14059 was published on Jan 7, 2026
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions...
  Moderate, Unreviewed. CVE-2025-13320 was published on Dec 12, 2025
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an...
  Moderate, Unreviewed. CVE-2025-67461 was published on Dec 10, 2025
memos lacks file name validation or verification
  Moderate. CVE-2025-65799 was published for github.com/usememos/memos (Go) on Dec 8, 2025
OpenStack's Mistral Client has a local file inclusion vulnerability
  Moderate. CVE-2021-4472 was published for python-mistralclient (pip) on Nov 26, 2025
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to...
  Moderate, Unreviewed. CVE-2025-13380 was published on Nov 25, 2025
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and...
  Moderate, Unreviewed. CVE-2025-11973 was published on Nov 21, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
  Moderate. CVE-2025-64714 was published for privatebin/privatebin (Composer) on Nov 14, 2025
External control of file name or path in certain Zoom Clients may allow an unauthenticated user...
  Moderate, Unreviewed. CVE-2025-64739 was published on Nov 13, 2025
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow...
  Moderate, Unreviewed. CVE-2025-64738 was published on Nov 13, 2025
ProTip! Advisories are also available from the GraphQL API.