Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write High
CVE-2026-32749 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 16, 2026
fg0x0 Credited to fg0x0
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read... High Unreviewed
CVE-2019-25472 was published Mar 11, 2026
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected... High Unreviewed
CVE-2026-25573 was published Mar 10, 2026
External control of file name or path in Windows Kernel allows an authorized attacker to elevate... High Unreviewed
CVE-2026-24287 was published Mar 10, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... High Unreviewed
CVE-2026-26360 was published Feb 19, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path... High Unreviewed
CVE-2026-26359 was published Feb 19, 2026
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading High
CVE-2026-1669 was published for keras (pip) Feb 18, 2026
N3mes1s Credited to N3mes1s
OpenClaw has an arbitrary transcript path file write via gateway sessionFile High
CVE-2026-28459 was published for openclaw (npm) Feb 17, 2026
tubadeligoz Credited to tubadeligoz
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via... High Unreviewed
CVE-2025-61879 was published Feb 12, 2026
Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration) High
GHSA-gfmx-qqqh-f38q was published for keras (pip) Feb 12, 2026 withdrawn
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the... High Unreviewed
CVE-2026-26158 was published Feb 11, 2026
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities... High Unreviewed
CVE-2026-26157 was published Feb 11, 2026
qdrant has arbitrary file write via `/logger` endpoint High
CVE-2026-25628 was published for qdrant (Rust) Feb 5, 2026
Ezzer17 Credited to Ezzer17
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that... High Unreviewed
CVE-2020-37078 was published Feb 4, 2026
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration... High Unreviewed
CVE-2020-37080 was published Feb 4, 2026
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows... High Unreviewed
CVE-2021-47871 was published Jan 21, 2026
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows... High Unreviewed
CVE-2021-47746 was published Jan 21, 2026
External control of file name or path in Windows Telephony Service allows an authorized attacker... High Unreviewed
CVE-2026-20931 was published Jan 13, 2026
An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a... High Unreviewed
CVE-2025-66003 was published Jan 8, 2026
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid... High Unreviewed
CVE-2025-62842 was published Jan 2, 2026
External Control of File Name or Path in Langflow High
CVE-2025-68478 was published for langflow (pip) Dec 19, 2025
J1vvoo Credited to J1vvoo and im-soohyun im-soohyun im-soohyun
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint High
CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) Dec 16, 2025
yueyueL Credited to yueyueL
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized... High Unreviewed
CVE-2025-59516 was published Dec 9, 2025
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability... High Unreviewed
CVE-2020-36878 was published Dec 5, 2025
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed
CVE-2025-12529 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database