GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,651 advisories
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An...
High | Unreviewed | CVE-2020-37041 was published Jan 31, 2026

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to...
High | Unreviewed | CVE-2020-37034 was published Jan 31, 2026

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac
Moderate | CVE-2026-24687 was published for Umbraco.Forms (NuGet) Jan 30, 2026

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty...
Critical | Unreviewed | CVE-2026-0963 was published Jan 30, 2026

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller...
High | Unreviewed | CVE-2026-0805 was published Jan 30, 2026

malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction
Moderate | CVE-2026-24846 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026

Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that...
High | Unreviewed | CVE-2020-37015 was published Jan 29, 2026

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-1588 was published Jan 29, 2026

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management...
High | Unreviewed | CVE-2026-1616 was published Jan 29, 2026

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Critical | GHSA-c4jr-5q7w-f6r9 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 29, 2026

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is...
Moderate | Unreviewed | CVE-2026-1549 was published Jan 29, 2026

SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
High | GHSA-f72r-2h5j-7639 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function...
Moderate | Unreviewed | CVE-2026-1532 was published Jan 28, 2026

A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks...
Moderate | Unreviewed | CVE-2025-69601 was published Jan 28, 2026

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to...
Moderate | Unreviewed | CVE-2020-36970 was published Jan 28, 2026

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
High | CVE-2026-24842 was published for tar (npm) Jan 28, 2026

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2026-1056 was published Jan 28, 2026

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2020-36939 was published Jan 27, 2026

go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
Moderate | CVE-2026-24686 was published for github.com/theupdateframework/go-tuf/v2 (Go) Jan 26, 2026

Python-Multipart has Arbitrary File Write via Non-Default Configuration
High | CVE-2026-24486 was published for python-multipart (pip) Jan 26, 2026

pnpm has Path Traversal via arbitrary file permission modification
Moderate | CVE-2026-24131 was published for pnpm (npm) Jan 26, 2026

BentoML has a Path Traversal via Bentofile Configuration
High | CVE-2026-24123 was published for bentoml (pip) Jan 26, 2026

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Moderate | CVE-2026-23888 was published for pnpm (npm) Jan 26, 2026

pnpm has Windows-specific tarball Path Traversal
Moderate | CVE-2026-23889 was published for pnpm (npm) Jan 26, 2026

pnpm has symlink traversal in file:/git dependencies
Moderate | CVE-2026-24056 was published for pnpm (npm) Jan 26, 2026