Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment Critical
CVE-2026-27825 was published for mcp-atlassian (pip) Mar 10, 2026
yotampe-pluto Credited to yotampe-pluto and gil-maman-p gil-maman-p gil-maman-p
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading High
CVE-2026-1669 was published for keras (pip) Feb 18, 2026
N3mes1s Credited to N3mes1s
Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration) High
GHSA-gfmx-qqqh-f38q was published for keras (pip) Feb 12, 2026 withdrawn
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write Critical
CVE-2025-64712 was published for unstructured (pip) Feb 3, 2026
H2O has an External Control of File Name or Path vulnerability Critical
CVE-2024-5986 was published for ai.h2o:h2o-core (Maven) Feb 2, 2026
External Control of File Name or Path in Langflow High
CVE-2025-68478 was published for langflow (pip) Dec 19, 2025
J1vvoo Credited to J1vvoo and im-soohyun im-soohyun im-soohyun
OpenStack's Mistral Client has a local file inclusion vulnerability Moderate
CVE-2021-4472 was published for python-mistralclient (pip) Nov 26, 2025
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server High
CVE-2025-62611 was published for aiomysql (pip) Oct 22, 2025
KonstantAnxiety Credited to KonstantAnxiety
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical
CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025
InvokeAI has External Control of File Name or Path Critical
CVE-2025-6237 was published for invokeai (pip) Sep 18, 2025
cai0duque Credited to cai0duque
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
OctoPrint vulnerable to possible file extraction via upload endpoints Moderate
CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi Credited to jacopotediosi
Aim External Control of File Name or Path vulnerability Critical
CVE-2024-6829 was published for aim (pip) Mar 20, 2025
AgentScope directory traversal vulnerability in /read-examples High
CVE-2024-8524 was published for agentscope (pip) Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite High
CVE-2024-8616 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file High
CVE-2024-1603 was published for paddlepaddle (pip) Mar 23, 2024
Weblate vulnerable to improper sanitization of project backups Low
CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024
quehill Credited to quehill
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Voilà Local file inclusion High
CVE-2024-30265 was published for voila (pip) Apr 3, 2024
ericfinger Credited to ericfinger, trungleduc, martinRenou, and Carreau trungleduc trungleduc
martinRenou martinRenou Carreau Carreau
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database