GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
195 advisories
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized...
High · Unreviewed · CVE-2026-41107 was published May 12, 2026

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6...
Critical · Unreviewed · CVE-2026-30903 was published Mar 11, 2026

Externally controlled reference to a resource in another sphere in Microsoft Partner Center...
High · Unreviewed · CVE-2026-34327 was published May 8, 2026

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0...
Moderate · Unreviewed · CVE-2026-30816 was published Apr 8, 2026

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows...
Moderate · Unreviewed · CVE-2026-30817 was published Apr 8, 2026

OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
Moderate · GHSA-55cf-xx38-4p9p was published for openclaw (npm) May 4, 2026

External Control of File Name or Path in h2oai/h2o-3
Critical · CVE-2023-6569 was published for h2o (pip) Dec 14, 2023

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary...
Moderate · Unreviewed · CVE-2022-2943 was published Sep 7, 2022

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application...
High · Unreviewed · CVE-2026-0522 was published Apr 1, 2026

OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
Moderate · CVE-2026-32008 was published for openclaw (npm) Mar 3, 2026

php-svg-lib lacks path validation on font through SVG inline styles
Moderate · CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code...
Moderate · Unreviewed · CVE-2022-3032 was published Dec 22, 2022

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the...
Low · Unreviewed · CVE-2026-3404 was published Mar 2, 2026

In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a...
High · Unreviewed · CVE-2025-48654 was published Mar 2, 2026

Local privilege escalation due to improper soft link handling. The following products are...
High · Unreviewed · CVE-2026-28722 was published Mar 6, 2026

Local privilege escalation due to improper soft link handling. The following products are...
High · Unreviewed · CVE-2026-28721 was published Mar 6, 2026

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file ...
Moderate · Unreviewed · CVE-2026-2074 was published Feb 7, 2026

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done...
Moderate · Unreviewed · CVE-2026-2536 was published Feb 16, 2026

HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
High · CVE-2024-6717 was published for github.com/hashicorp/nomad (Go) Jul 23, 2024

A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm...
Moderate · Unreviewed · CVE-2026-1218 was published Jan 20, 2026

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of...
Moderate · Unreviewed · CVE-2025-11341 was published Oct 6, 2025

An externally controlled reference to a resource in another sphere in Fortinet FortiManager before...
Moderate · Unreviewed · CVE-2022-23439 was published Jan 22, 2025

External Control of File Name or Path in Langflow
High · CVE-2025-68478 was published for langflow (pip) Dec 19, 2025

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement...
Moderate · Unreviewed · CVE-2025-15251 was published Dec 30, 2025

In multiple locations, there is a possible way to alter the primary user's face unlock settings...
Moderate · Unreviewed · CVE-2025-48598 was published Dec 8, 2025
ProTip! Advisories are also available from the GraphQL API.