Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

323 advisories

Loading
Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags High
GHSA-qmwh-9m9c-h36m was published for github.com/gotenberg/gotenberg/v8 (Go) Apr 7, 2026
kodareef5 Credited to kodareef5
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT... High Unreviewed
CVE-2025-65115 was published Apr 7, 2026
Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites High
CVE-2026-34783 was published for github.com/MontFerret/ferret (Go) Apr 1, 2026
DavidCarliez Credited to DavidCarliez
SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory High
CVE-2026-34522 was published for sillytavern (npm) Apr 1, 2026
maru1009 Credited to maru1009
An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4... High Unreviewed
CVE-2026-30287 was published Apr 1, 2026
An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod... High Unreviewed
CVE-2026-30289 was published Apr 1, 2026
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5... High Unreviewed
CVE-2026-30291 was published Apr 1, 2026
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows... High Unreviewed
CVE-2026-30292 was published Apr 1, 2026
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate... High Unreviewed
CVE-2026-23898 was published Apr 1, 2026
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API High
CVE-2026-30940 was published for baserproject/basercms (Composer) Mar 31, 2026
kaminuma Credited to kaminuma
A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an... Moderate Unreviewed
CVE-2026-5210 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to... High Unreviewed
CVE-2026-30284 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite... Critical Unreviewed
CVE-2026-30281 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers... Critical Unreviewed
CVE-2026-30276 was published Mar 31, 2026
@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files High
CVE-2026-33949 was published for @tinacms/graphql (npm) Mar 30, 2026
aarjubh Credited to aarjubh
Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation Moderate
CVE-2026-33027 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026
dapickle Credited to dapickle
@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools High
CVE-2026-33989 was published for @mobilenext/mobile-mcp (npm) Mar 27, 2026
AbhiTheModder Credited to AbhiTheModder
A flaw was found in libssh where it can attempt to open arbitrary files during configuration... Low Unreviewed
CVE-2026-0965 was published Mar 26, 2026
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to... Moderate Unreviewed
CVE-2019-25618 was published Mar 22, 2026
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,... Moderate Unreviewed
CVE-2026-2351 was published Mar 21, 2026
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal High
CVE-2026-33476 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 20, 2026
mith36 Credited to mith36
AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php` High
CVE-2026-33354 was published for wwbn/avideo (Composer) Mar 19, 2026
gr00ve3 Credited to gr00ve3
Langflow has an Arbitrary File Write (RCE) via v2 API Critical
CVE-2026-33309 was published for langflow (pip) Mar 19, 2026
akshatgit Credited to akshatgit, abhinavagarwal07, Jkavia, and andifilhohub abhinavagarwal07 abhinavagarwal07
Jkavia Jkavia andifilhohub andifilhohub
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write High
CVE-2026-32749 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 16, 2026
fg0x0 Credited to fg0x0
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read... High Unreviewed
CVE-2019-25472 was published Mar 11, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database