GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
106 advisories
AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Moderate | CVE-2026-34515 was published for aiohttp (pip) | Apr 1, 2026

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal...
High | Unreviewed | CVE-2026-4373 was published | Mar 21, 2026

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2...
High | Unreviewed | CVE-2026-0846 was published | Mar 9, 2026

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP...
High | Unreviewed | CVE-2026-2753 was published | Mar 6, 2026

Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
High | CVE-2026-28414 was published for gradio (pip) | Mar 1, 2026

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary...
High | Unreviewed | CVE-2026-26337 was published | Feb 19, 2026

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2026-1330 was published | Jan 22, 2026

Police Statistics Database System developed by Gotac has an Absolute Path Traversal vulnerability,...
Moderate | Unreviewed | CVE-2026-1020 was published | Jan 16, 2026

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability,...
High | Unreviewed | CVE-2026-1018 was published | Jan 16, 2026

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with...
Moderate | Unreviewed | CVE-2026-20834 was published | Jan 13, 2026

MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
High | CVE-2025-68472 was published for MindsDB (pip) | Jan 12, 2026

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal...
Moderate | Unreviewed | CVE-2025-15236 was published | Jan 5, 2026

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal...
Moderate | Unreviewed | CVE-2025-15237 was published | Jan 5, 2026

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2025-15227 was published | Dec 29, 2025

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an...
Moderate | Unreviewed | CVE-2025-14848 was published | Dec 18, 2025

MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
Moderate | CVE-2025-67898 was published for mjml (npm) | Dec 15, 2025

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does...
Critical | Unreviewed | CVE-2025-34392 was published | Dec 10, 2025

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability,...
Moderate | Unreviewed | CVE-2025-14253 was published | Dec 8, 2025

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to...
High | Unreviewed | CVE-2025-36357 was published | Nov 17, 2025

TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Delete vulnerability. The...
High | Unreviewed | CVE-2025-13282 was published | Nov 17, 2025

TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability...
High | Unreviewed | CVE-2025-13283 was published | Nov 17, 2025

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due...
High | Unreviewed | CVE-2025-7846 was published | Oct 31, 2025

Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Moderate | GHSA-vffh-c9pq-4crh was published for uptime-kuma (npm) | Oct 20, 2025

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient...
High | Unreviewed | CVE-2025-8575 was published | Sep 12, 2025

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient...
High | Unreviewed | CVE-2025-9518 was published | Sep 4, 2025