GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,254 advisories
melange has Path Traversal via .PKGINFO in --persist-lint-results
Moderate | CVE-2026-29051 was published for chainguard.dev/melange (Go) on Apr 23, 2026
melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses
Moderate | CVE-2026-29050 was published for chainguard.dev/melange (Go) on Apr 23, 2026
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows...
Moderate | Unreviewed | CVE-2026-6940 was published on Apr 23, 2026
Apktool: Path Traversal to Arbitrary File Write
High | CVE-2026-39973 was published for org.apktool:apktool-lib (Maven) on Apr 23, 2026
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation...
High | Unreviewed | CVE-2026-6903 was published on Apr 23, 2026
A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote...
High | Unreviewed | CVE-2026-40062 was published on Apr 23, 2026
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on...
Moderate | Unreviewed | CVE-2026-4917 was published on Apr 23, 2026
Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
High | GHSA-r466-rxw4-3j9j was published for @evomap/evolver (npm) on Apr 22, 2026
Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability...
High | Unreviewed | CVE-2026-34414 was published on Apr 22, 2026
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to...
Moderate | Unreviewed | CVE-2025-15470 was published on Apr 22, 2026
SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
High | GHSA-hjh7-r5w8-5872 was published for github.com/siyuan-note/siyuan/kernel (Go) on Apr 22, 2026
MCPHub has Path Traversal via Malicious MCPB Manifest Name
High | GHSA-p3h2-2j4p-p83g was published for @samanhappy/mcphub (npm) on Apr 22, 2026
Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Moderate | GHSA-xjvc-pw2r-6878 was published for flarum/core (Composer) on Apr 22, 2026
i18next-locize-backend has URL Injection via Unsanitized Path Parameters
Moderate | GHSA-mgcp-mfp8-3q45 was published for i18next-locize-backend (npm) on Apr 22, 2026
DDEV has ZipSlip path traversal in tar and zip archive extraction
Moderate | CVE-2026-32885 was published for github.com/ddev/ddev (Go) on Apr 22, 2026
A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms...
Moderate | Unreviewed | CVE-2026-35363 was published on Apr 22, 2026
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve...
High | Unreviewed | CVE-2026-35338 was published on Apr 22, 2026
i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
High | GHSA-8847-338w-5hcj was published for i18next-fs-backend (npm) on Apr 22, 2026
i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns
Moderate | GHSA-q89c-q3h5-w34g was published for i18next-http-backend (npm) on Apr 22, 2026
i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
High | GHSA-5fgg-jcpf-8jjw was published for i18next-http-middleware (npm) on Apr 22, 2026
CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
Critical | CVE-2026-41203 was published for ci4-cms-erp/ci4ms (Composer) on Apr 22, 2026
CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
Critical | CVE-2026-41202 was published for ci4-cms-erp/ci4ms (Composer) on Apr 22, 2026
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in...
High | Unreviewed | CVE-2026-6855 was published on Apr 22, 2026
Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Low | CVE-2026-41140 was published for poetry (pip) on Apr 22, 2026
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions...
Moderate | Unreviewed | CVE-2026-4280 was published on Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API.