GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,598 advisories
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for...
Moderate | Unreviewed | CVE-2025-13725 was published Jan 17, 2026
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all...
Moderate | Unreviewed | CVE-2025-12002 was published Jan 17, 2026
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
High | CVE-2026-23745 was published for tar (npm) Jan 16, 2026
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
High | GHSA-vx9w-5cx4-9796 was published for crawl4ai (pip) Jan 16, 2026
Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command
High | CVE-2026-23535 was published for wlc (pip) Jan 16, 2026
SteelSeries Nahimic 3 1.10.7 allows Directory traversal.
High | Unreviewed | CVE-2025-68921 was published Jan 16, 2026
Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA...
High | Unreviewed | CVE-2026-22876 was published Jan 16, 2026
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion,...
High | Unreviewed | CVE-2021-47795 was published Jan 16, 2026
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing...
High | Unreviewed | CVE-2025-67076 was published Jan 15, 2026
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2021-47755 was published Jan 15, 2026
DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
High | CVE-2025-66292 was published for github.com/donknap/dpanel (Go) Jan 15, 2026
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers...
Moderate | Unreviewed | CVE-2025-67083 was published Jan 15, 2026
A local user can trigger Harmony SASE Windows client to write or delete files outside the...
High | Unreviewed | CVE-2025-9142 was published Jan 14, 2026
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in...
Critical | Unreviewed | CVE-2025-14502 was published Jan 14, 2026
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all...
Moderate | Unreviewed | CVE-2025-15020 was published Jan 14, 2026
The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in...
Critical | Unreviewed | CVE-2025-14301 was published Jan 14, 2026
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated...
High | Unreviewed | CVE-2022-50939 was published Jan 14, 2026
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows...
High | Unreviewed | CVE-2022-50932 was published Jan 14, 2026
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server...
High | Unreviewed | CVE-2022-50890 was published Jan 14, 2026
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2021-47749 was published Jan 14, 2026
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal...
Moderate | Unreviewed | CVE-2021-47751 was published Jan 14, 2026
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
High | CVE-2026-22871 was published for guarddog (pip) Jan 13, 2026
jaraco.context Has a Path Traversal Vulnerability
High | GHSA-58pv-8j8x-9vj2 was published for jaraco.context (pip) Jan 13, 2026
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
High | CVE-2026-22786 was published for github.com/flipped-aurora/gin-vue-admin (Go) Jan 13, 2026
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database...
High | Unreviewed | CVE-2025-25652 was published Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API