GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
163 advisories
Rancher Extensions have arbitrary file access via path traversal
Severity: High. CVE-2026-25705 was published for github.com/rancher/rancher (Go), May 7, 2026
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may...
Severity: High (Unreviewed). CVE-2026-42930 was published May 13, 2026
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed...
Severity: Moderate (Unreviewed). CVE-2026-24464 was published May 13, 2026
Heimdall has an authorization bypass via path normalization mismatch
Severity: High. CVE-2026-42274 was published for github.com/dadrus/heimdall (Go), Apr 25, 2026
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal...
Severity: Moderate (Unreviewed). CVE-2026-0804 was published May 12, 2026
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an...
Severity: High (Unreviewed). CVE-2026-20034 was published May 6, 2026
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with...
Severity: Moderate (Unreviewed). CVE-2026-0205 was published Apr 29, 2026
A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing...
Severity: Critical (Unreviewed). CVE-2026-6074 was published Apr 23, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Severity: High (Unreviewed). CVE-2025-49405 was published Aug 28, 2025
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify...
Severity: Moderate (Unreviewed). CVE-2024-12088 was published Jan 14, 2025
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc...
Severity: Moderate (Unreviewed). CVE-2024-12087 was published Jan 14, 2025
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to...
Severity: Moderate (Unreviewed). CVE-2024-5481 was published Jun 7, 2024
PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged...
Severity: Moderate (Unreviewed). CVE-2026-28265 was published Apr 1, 2026
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue...
Severity: High (Unreviewed). CVE-2024-56055 was published Dec 18, 2024
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue...
Severity: Critical (Unreviewed). CVE-2024-56045 was published Dec 31, 2024
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue...
Severity: High (Unreviewed). CVE-2024-56049 was published Dec 18, 2024
Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows...
Severity: High (Unreviewed). CVE-2024-52447 was published Nov 20, 2024
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File...
Severity: High (Unreviewed). CVE-2024-51582 was published Nov 4, 2024
Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery...
Severity: Moderate (Unreviewed). CVE-2024-49258 was published Oct 16, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Severity: High (Unreviewed). CVE-2024-47324 was published Oct 5, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Severity: Moderate (Unreviewed). CVE-2024-38706 was published Jul 12, 2024
Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal. This issue...
Severity: Moderate (Unreviewed). CVE-2024-52390 was published Nov 19, 2024
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file...
Severity: High (Unreviewed). CVE-2026-25397 was published Mar 25, 2026
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay...
Severity: Moderate (Unreviewed). CVE-2023-5800 was published Feb 5, 2024
This vulnerability allows remote attackers to traverse the directory on the affected webOS of...
Severity: Low (Unreviewed). CVE-2024-1886 was published Feb 26, 2024
ProTip! Advisories are also available from the GraphQL API.