Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

8,445 advisories

Loading
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function... Low Unreviewed
CVE-2026-8770 was published May 18, 2026
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the... Low Unreviewed
CVE-2026-8765 was published May 18, 2026
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function... Low Unreviewed
CVE-2026-8754 was published May 17, 2026
A vulnerability has been found in fishaudio Bert-VITS2 up to... Moderate Unreviewed
CVE-2026-8756 was published May 17, 2026
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The... Moderate Unreviewed
CVE-2026-8755 was published May 17, 2026
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function... Moderate Unreviewed
CVE-2026-8757 was published May 17, 2026
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered... High Unreviewed
CVE-2018-25325 was published May 17, 2026
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows... High Unreviewed
CVE-2018-25326 was published May 17, 2026
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the... Low Unreviewed
CVE-2026-8736 was published May 17, 2026
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that... High Unreviewed
CVE-2021-47979 was published May 16, 2026
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows... High Unreviewed
CVE-2021-47942 was published May 16, 2026
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory... High Unreviewed
CVE-2021-47977 was published May 16, 2026
Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` Moderate
CVE-2026-46383 was published for apm-cli (pip) May 15, 2026
0xmrma Credited to 0xmrma
SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion High
CVE-2026-46491 was published for simplesamlphp/simplesamlphp-module-casserver (Composer) May 15, 2026
kamil-sawicki Credited to kamil-sawicki
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator High
CVE-2026-44716 was published for pipecat-ai (pip) May 15, 2026
AAtomical Credited to AAtomical
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML... Critical Unreviewed
CVE-2026-7182 was published May 15, 2026
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal... Critical Unreviewed
CVE-2026-41552 was published May 15, 2026
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and... High Unreviewed
CVE-2026-6403 was published May 15, 2026
go-billy has path traversal vulnerabilities High
CVE-2026-44973 was published for github.com/go-git/go-billy/v5 (Go) May 14, 2026
faran66 Credited to faran66 and vnykmshr vnykmshr vnykmshr
Portainer has a path traversal in backup archive extraction that allows arbitrary file write Moderate
CVE-2026-44885 was published for github.com/portainer/portainer (Go) May 14, 2026
kolega-ai-dev Credited to kolega-ai-dev
Strapi may leak sensitive data via relational filtering due to lack of query sanitization Critical
CVE-2026-27886 was published for @strapi/strapi (npm) May 14, 2026
WildWestCyberSecurity Credited to WildWestCyberSecurity, innerdvations, derrickmehaffy, and nclsndr innerdvations innerdvations
derrickmehaffy derrickmehaffy nclsndr nclsndr
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and... Moderate Unreviewed
CVE-2026-6670 was published May 14, 2026
Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session... Moderate Unreviewed
CVE-2026-22677 was published May 13, 2026
A potential improper file path validation vulnerability was reported in some Lenovo Personal... High Unreviewed
CVE-2026-6282 was published May 13, 2026
A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an... Moderate Unreviewed
CVE-2026-42780 was published May 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database