Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... High Unreviewed
CVE-2026-26359 was published Feb 19, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... High Unreviewed
CVE-2026-26360 was published Feb 19, 2026
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading High
CVE-2026-1669 was published for keras (pip) Feb 18, 2026
N3mes1s Credited to N3mes1s
Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration) High
GHSA-gfmx-qqqh-f38q was published for keras (pip) Feb 12, 2026 withdrawn
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Moderate Unreviewed
CVE-2025-24054 was published Mar 11, 2025
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via... High Unreviewed
CVE-2025-61879 was published Feb 12, 2026
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities... High Unreviewed
CVE-2026-26157 was published Feb 11, 2026
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the... High Unreviewed
CVE-2026-26158 was published Feb 11, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Low Unreviewed
CVE-2026-21249 was published Feb 10, 2026
qdrant has arbitrary file write via `/logger` endpoint High
CVE-2026-25628 was published for qdrant (Rust) Feb 5, 2026
Ezzer17 Credited to Ezzer17
survey-pdf Upgraded jsPDF Version Due to Security Vulnerability Critical
CVE-2026-25630 was published for survey-pdf (npm) Feb 4, 2026
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid... High Unreviewed
CVE-2025-62842 was published Jan 2, 2026
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write Critical
CVE-2025-64712 was published for unstructured (pip) Feb 3, 2026
An external control of file name or path vulnerability in the download file function of Soar... High Unreviewed
CVE-2025-48781 was published Jun 6, 2025
An external control of file name or path vulnerability in the delete file function of Soar Cloud... High Unreviewed
CVE-2025-48783 was published Jun 6, 2025
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration... High Unreviewed
CVE-2020-37080 was published Feb 4, 2026
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that... High Unreviewed
CVE-2020-37078 was published Feb 4, 2026
H2O has an External Control of File Name or Path vulnerability Critical
CVE-2024-5986 was published for ai.h2o:h2o-core (Maven) Feb 2, 2026
LobeHub Vulnerable to Improper Authorization in Presigned Upload Moderate
CVE-2026-23835 was published for @lobehub/chat (npm) Feb 1, 2026
uko3211 Credited to uko3211
An external control of file name or path vulnerability in SUNNET Corporate Training Management... Critical Unreviewed
CVE-2025-54945 was published Sep 25, 2025
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an... Moderate Unreviewed
CVE-2025-0105 was published Jan 11, 2025
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows... High Unreviewed
CVE-2021-47871 was published Jan 21, 2026
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows... High Unreviewed
CVE-2021-47746 was published Jan 21, 2026
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS... Critical Unreviewed
CVE-2025-53912 was published Jan 20, 2026
jsPDF has Local File Inclusion/Path Traversal vulnerability Critical
CVE-2025-68428 was published for jspdf (npm) Jan 5, 2026
kilkat Credited to kilkat
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database