GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,343
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,550
Pub: 12
RubyGems: 1,013
Rust: 1,203
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
8,023 advisories
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join...
Moderate
Unreviewed
CVE-2026-5013
was published
Mar 28, 2026
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function...
Moderate
Unreviewed
CVE-2026-5014
was published
Mar 28, 2026
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the...
Moderate
Unreviewed
CVE-2026-4997
was published
Mar 28, 2026
A security vulnerability has been detected in z-9527 admin up to...
Moderate
Unreviewed
CVE-2026-4999
was published
Mar 28, 2026
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling...
High
Unreviewed
CVE-2016-20040
was published
Mar 28, 2026
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the...
High
Unreviewed
CVE-2016-20041
was published
Mar 28, 2026
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to...
High
Unreviewed
CVE-2016-20048
was published
Mar 28, 2026
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions
High
CVE-2026-34070
was published
for
langchain-core
(pip)
Mar 27, 2026
@mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools
High
CVE-2026-33989
was published
for
@mobilenext/mobile-mcp
(npm)
Mar 27, 2026
Incus has an arbitrary file write through its systemd-creds options
Critical
CVE-2026-33945
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart...
High
Unreviewed
CVE-2026-5027
was published
Mar 27, 2026
A path traversal vulnerability exists in the awesome-llm-apps project in commit...
High
Unreviewed
CVE-2026-29871
was published
Mar 27, 2026
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Moderate
CVE-2026-28786
was published
for
open-webui
(pip)
Mar 27, 2026
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over...
Moderate
Unreviewed
CVE-2026-4619
was published
Mar 27, 2026
When dovecot has been configured to use per-domain passwd files, and they are placed one path...
Moderate
Unreviewed
CVE-2026-0394
was published
Mar 27, 2026
A malicious SCP server can send unexpected paths that could make the client application override...
Moderate
Unreviewed
CVE-2026-0964
was published
Mar 26, 2026
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11...
Moderate
Unreviewed
CVE-2026-3112
was published
Mar 26, 2026
OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in...
High
Unreviewed
CVE-2026-32846
was published
Mar 26, 2026
BuildKit Git URL subdir component can cause access to restricted files
High
CVE-2026-33748
was published
for
github.com/moby/buildkit
(Go)
Mar 26, 2026
BuildKit's Malicious frontend can cause file escape outside of storage root
High
CVE-2026-33747
was published
for
github.com/moby/buildkit
(Go)
Mar 26, 2026
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically...
High
Unreviewed
CVE-2025-41368
was published
Mar 26, 2026
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to...
High
Unreviewed
CVE-2026-4758
was published
Mar 26, 2026
pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names
High
CVE-2025-70952
was published
for
org.pf4j:pf4j
(Maven)
Mar 25, 2026
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Low
CVE-2026-33529
was published
for
github.com/tobychui/zoraxy
(Go)
Mar 25, 2026
Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil
High
CVE-2026-33686
was published
for
code16/sharp
(Composer)
Mar 25, 2026
ProTip! Advisories are also available from the GraphQL API.