GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
303 advisories
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write
High • CVE-2026-32749 was published for github.com/siyuan-note/siyuan/kernel (Go) • Mar 16, 2026

Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal
High • CVE-2026-33476 was published for github.com/siyuan-note/siyuan/kernel (Go) • Mar 20, 2026

AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
High • CVE-2026-33354 was published for wwbn/avideo (Composer) • Mar 19, 2026

Langflow has an Arbitrary File Write (RCE) via v2 API
Critical • CVE-2026-33309 was published for langflow (pip) • Mar 19, 2026

php-svg-lib lacks path validation on font through SVG inline styles
Moderate • CVE-2024-25117 was published for phenx/php-svg-lib (Composer) • Feb 21, 2024

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95...
Moderate • Unreviewed • CVE-2025-69621 was published • Feb 4, 2026

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read...
High • Unreviewed • CVE-2019-25472 was published • Mar 11, 2026

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6...
Critical • Unreviewed • CVE-2026-30903 was published • Mar 11, 2026

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
Critical • CVE-2026-27825 was published for mcp-atlassian (pip) • Mar 10, 2026

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected...
High • Unreviewed • CVE-2026-25573 was published • Mar 10, 2026

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected...
Moderate • Unreviewed • CVE-2026-25605 was published • Mar 10, 2026

External control of file name or path in Windows Kernel allows an authorized attacker to elevate...
High • Unreviewed • CVE-2026-24287 was published • Mar 10, 2026

OpenClaw has an arbitrary transcript path file write via gateway sessionFile
High • CVE-2026-28459 was published for openclaw (npm) • Feb 17, 2026

registry-support: decompress can delete files outside scope via relative paths
Moderate • CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) • Feb 14, 2024

OpenClaw hardened the skill download target directory validation
Moderate • CVE-2026-27008 was published for openclaw (npm) • Feb 18, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path...
Moderate • Unreviewed • CVE-2026-26361 was published • Feb 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path...
High • Unreviewed • CVE-2026-26359 was published • Feb 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path...
High • Unreviewed • CVE-2026-26360 was published • Feb 19, 2026

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
High • CVE-2026-1669 was published for keras (pip) • Feb 18, 2026

Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)
High • GHSA-gfmx-qqqh-f38q was published for keras (pip) • Feb 12, 2026 • withdrawn

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
Moderate • Unreviewed • CVE-2025-24054 was published • Mar 11, 2025

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via...
High • Unreviewed • CVE-2025-61879 was published • Feb 12, 2026

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities...
High • Unreviewed • CVE-2026-26157 was published • Feb 11, 2026

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the...
High • Unreviewed • CVE-2026-26158 was published • Feb 11, 2026

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
Low • Unreviewed • CVE-2026-21249 was published • Feb 10, 2026
ProTip! Advisories are also available from the GraphQL API