GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,693 advisories

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL High
CVE-2026-25640 was published for pydantic-ai (pip) Feb 6, 2026
Credited to doredry, urioren, and amiteliahu
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK Critical
CVE-2026-25592 was published for Microsoft.SemanticKernel.Core (NuGet) Feb 6, 2026
Credited to doredry, amiteliahu, and urioren
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update High
CVE-2026-24135 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to reschjonas
Gogs has arbitrary file read/write via Path Traversal in Git hook editing Moderate
CVE-2026-23633 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to odgrso
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) Moderate
CVE-2026-25760 was published for github.com/bishopfox/sliver (Go) Feb 5, 2026
Credited to xtle0o0
OpenCloud Affected by Public Link Exploit High
GHSA-vf5j-r2hw-2hrw was published for github.com/opencloud-eu/opencloud (Go) Feb 5, 2026
Credited to rhafer, aduffeck, dragotin, and micbar
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write High
CVE-2026-25732 was published for nicegui (pip) Feb 5, 2026
Credited to k14uz, falkoschindler, and evnchn
OpenCloud Reva has a Public Link Exploit High
CVE-2026-23989 was published for github.com/opencloud-eu/reva/v2 (Go) Feb 5, 2026
Credited to rhafer, aduffeck, dragotin, and micbar
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API Critical
GHSA-88qh-cphv-996c was published for fuxa-server (npm) Feb 5, 2026
Credited to wodzen
n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node High
CVE-2026-25055 was published for n8n (npm) Feb 4, 2026
Credited to nkoorty and jjjutla
OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction Moderate
CVE-2026-25475 was published for openclaw (npm) Feb 4, 2026
Credited to jasonsutter87 and evanotero
Alist vulnerable to Path Traversal in multiple file operation handlers High
CVE-2026-25161 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
Credited to XlabAITeam, A7um, and okatu-loli
A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function... Moderate Unreviewed
CVE-2026-1811 was published Feb 4, 2026
melange has a path traversal in license-path which allows reading files outside workspace Moderate
CVE-2026-25145 was published for chainguard.dev/melange (Go) Feb 4, 2026
Credited to 1seal, sil2100, antitree, egibs, and eslerm
melange QEMU runner could write files outside workspace directory High
CVE-2026-24843 was published for chainguard.dev/melange (Go) Feb 3, 2026
Credited to 1seal, antitree, egibs, 89luca89, and eslerm