GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
383 advisories
Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Moderate | CVE-2026-46383 was published for apm-cli (pip) on May 15, 2026
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-3892 was published on May 14, 2026
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal...
High | Unreviewed | CVE-2026-30905 was published on May 13, 2026
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500...
Moderate | Unreviewed | CVE-2026-0259 was published on May 13, 2026
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized...
High | Unreviewed | CVE-2026-41107 was published on May 12, 2026
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an...
High | Unreviewed | CVE-2026-41088 was published on May 12, 2026
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to...
Moderate | Unreviewed | CVE-2026-40421 was published on May 12, 2026
External control of file name or path in SQL Server allows an authorized attacker to execute code...
High | Unreviewed | CVE-2026-40370 was published on May 12, 2026
External control of file name or path in Azure Monitor Agent allows an authorized attacker to...
High | Unreviewed | CVE-2026-32204 was published on May 12, 2026
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote...
Critical | Unreviewed | CVE-2026-8043 was published on May 12, 2026
Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
High | CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go) on May 12, 2026
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
High | CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) on May 12, 2026
Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
Moderate | CVE-2026-44353 was published for streamlink (pip) on May 11, 2026
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal...
High | Unreviewed | CVE-2026-44127 was published on May 8, 2026
Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install
High | CVE-2026-44641 was published for apm-cli (pip) on May 7, 2026
Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme
Moderate | CVE-2026-42597 was published for github.com/gotenberg/gotenberg/v8 (Go) on May 7, 2026
Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
Moderate | CVE-2026-42593 was published for github.com/gotenberg/gotenberg/v8 (Go) on May 7, 2026
Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
High | CVE-2026-42845 was published for getgrav/grav-plugin-form (Composer) on May 6, 2026
changedetection.io has an Arbitrary Local File Read via a crafted backup restore
High | CVE-2026-43891 was published for changedetection.io (pip) on May 5, 2026
@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
High | GHSA-cfcj-hqpf-hccf was published for @evomap/evolver (npm) on May 5, 2026
Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
High | CVE-2026-40893 was published for github.com/gotenberg/gotenberg/v8 (Go) on May 4, 2026
A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function...
Moderate | Unreviewed | CVE-2026-7633 was published on May 2, 2026
i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
High | CVE-2026-41693 was published for i18next-fs-backend (npm) on Apr 22, 2026
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path...
High | Unreviewed | CVE-2026-4132 was published on Apr 22, 2026
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
Moderate | CVE-2026-39377 was published for nbconvert (pip) on Apr 21, 2026
ProTip! Advisories are also available from the GraphQL API.