Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write Critical
CVE-2025-64712 was published for unstructured (pip) Feb 3, 2026
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid... High Unreviewed
CVE-2025-62842 was published Jan 2, 2026
survey-pdf Upgraded jsPDF Version Due to Security Vulnerability Critical
CVE-2026-25630 was published for survey-pdf (npm) Feb 4, 2026
qdrant has arbitrary file write via `/logger` endpoint High
CVE-2026-25628 was published for qdrant (Rust) Feb 5, 2026
Ezzer17 Credited to Ezzer17
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Low Unreviewed
CVE-2026-21249 was published Feb 10, 2026
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the... High Unreviewed
CVE-2026-26158 was published Feb 11, 2026
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities... High Unreviewed
CVE-2026-26157 was published Feb 11, 2026
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via... High Unreviewed
CVE-2025-61879 was published Feb 12, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Moderate Unreviewed
CVE-2025-24054 was published Mar 11, 2025
Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration) High
GHSA-gfmx-qqqh-f38q was published for keras (pip) Feb 12, 2026 withdrawn
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading High
CVE-2026-1669 was published for keras (pip) Feb 18, 2026
N3mes1s Credited to N3mes1s
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... High Unreviewed
CVE-2026-26360 was published Feb 19, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... High Unreviewed
CVE-2026-26359 was published Feb 19, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... Moderate Unreviewed
CVE-2026-26361 was published Feb 19, 2026
OpenClaw hardened the skill download target directory validation Moderate
CVE-2026-27008 was published for openclaw (npm) Feb 18, 2026
Adam55A-code Credited to Adam55A-code
registry-support: decompress can delete files outside scope via relative paths Moderate
CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) Feb 14, 2024
cebarks Credited to cebarks
OpenClaw has an arbitrary transcript path file write via gateway sessionFile High
CVE-2026-28459 was published for openclaw (npm) Feb 17, 2026
tubadeligoz Credited to tubadeligoz
External control of file name or path in Windows Kernel allows an authorized attacker to elevate... High Unreviewed
CVE-2026-24287 was published Mar 10, 2026
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected... High Unreviewed
CVE-2026-25573 was published Mar 10, 2026
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected... Moderate Unreviewed
CVE-2026-25605 was published Mar 10, 2026
MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment Critical
CVE-2026-27825 was published for mcp-atlassian (pip) Mar 10, 2026
yotampe-pluto Credited to yotampe-pluto and gil-maman-p gil-maman-p gil-maman-p
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6... Critical Unreviewed
CVE-2026-30903 was published Mar 11, 2026
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read... High Unreviewed
CVE-2019-25472 was published Mar 11, 2026
An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95... Moderate Unreviewed
CVE-2025-69621 was published Feb 4, 2026
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write High
CVE-2026-32749 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 16, 2026
fg0x0 Credited to fg0x0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database