Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer Moderate
GHSA-wvrh-2f4m-924v was published for ChatterBot (pip) Jun 19, 2026
AAtomical Credited to AAtomical
jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories High
CVE-2026-54528 was published for jupyterlab-git (pip) Jun 19, 2026
AAtomical Credited to AAtomical, Yann-P, and jtpio Yann-P Yann-P
jtpio jtpio
BBOT: Symlink-Following Arbitrary Write via github_workflows Module Low
CVE-2026-12567 was published for bbot (pip) Jun 18, 2026
AAtomical Credited to AAtomical
Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} Moderate
CVE-2026-54014 was published for open-webui (pip) Jun 17, 2026
AAtomical Credited to AAtomical and Classic298 Classic298 Classic298
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator High
CVE-2026-44716 was published for pipecat-ai (pip) May 15, 2026
AAtomical Credited to AAtomical
ormar is vulnerable to SQL Injection through aggregate functions min() and max() Critical
CVE-2026-26198 was published for ormar (pip) Feb 23, 2026
AAtomical Credited to AAtomical
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database