GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
383 advisories
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
High • CVE-2025-52465 was published for org.geoserver.web:gs-web-app (Maven) • Jun 12, 2026

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to...
Critical • Unreviewed • CVE-2026-47643 was published • Jun 9, 2026

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Moderate • CVE-2026-47425 was published for py-rattler (pip) • Jun 1, 2026

Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
High • GHSA-rmqr-h98c-qg2m was published for phpMyFAQ/phpMyFAQ (Composer) • May 15, 2026 • withdrawn

Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
High • CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) • May 12, 2026

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
High • CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go) • May 12, 2026

Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
Moderate • CVE-2026-44353 was published for streamlink (pip) • May 11, 2026

Langflow has an Arbitrary File Write (RCE) via v2 API
Critical • CVE-2026-33309 was published for langflow (pip) • Mar 19, 2026

External Control of File Name or Path in Langflow
High • CVE-2025-68478 was published for langflow (pip) • Dec 19, 2025

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
Low • Unreviewed • CVE-2025-12656 was published • Jun 6, 2026

changedetection.io has an Arbitrary Local File Read via a crafted backup restore
High • CVE-2026-43891 was published for changedetection.io (pip) • May 5, 2026

AgentScope directory traversal vulnerability in /read-examples
High • CVE-2024-8524 was published for agentscope (pip) • Mar 20, 2025

Docling Core: Insufficient validation of image reference URIs
High • CVE-2026-44019 was published for docling-core (pip) • Jun 3, 2026

Docling: Unsafe URI and Path Handling in HTML Backend
High • CVE-2026-47214 was published for docling (pip) • Jun 3, 2026

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load...
Moderate • Unreviewed • CVE-2026-20175 was published • Jun 3, 2026

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local...
High • Unreviewed • CVE-2026-35076 was published • Jun 3, 2026

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local...
High • Unreviewed • CVE-2026-35078 was published • Jun 3, 2026

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local...
High • Unreviewed • CVE-2026-35079 was published • Jun 3, 2026

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary...
High • Unreviewed • CVE-2026-35077 was published • Jun 3, 2026

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary...
High • Unreviewed • CVE-2026-35080 was published • Jun 3, 2026

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this...
Moderate • Unreviewed • CVE-2026-10694 was published • Jun 3, 2026

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal...
High • Unreviewed • CVE-2026-30905 was published • May 13, 2026

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the...
High • Unreviewed • CVE-2026-26158 was published • Feb 11, 2026

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities...
High • Unreviewed • CVE-2026-26157 was published • Feb 11, 2026

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource...
Critical • Unreviewed • CVE-2024-9142 was published • Sep 25, 2024

ProTip! Advisories are also available from the GraphQL API.