GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,099 advisories
PraisonAI Has Path Traversal in FileTools
Critical: CVE-2026-35615 was published for PraisonAI (pip) on Apr 6, 2026

PraisonAI recipe registry publish path traversal allows out-of-root file write
High: CVE-2026-39308 was published for PraisonAI (pip) on Apr 6, 2026

PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
High: CVE-2026-39306 was published for PraisonAI (pip) on Apr 6, 2026

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
Moderate: GHSA-4w7w-66w2-5vf9 was published for vite (npm) on Apr 6, 2026

kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write
Moderate: CVE-2026-35492 was published for kedro-datasets (pip) on Apr 6, 2026

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some...
Moderate (Unreviewed): CVE-2026-5638 was published on Apr 6, 2026

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file...
Moderate (Unreviewed): CVE-2026-5597 was published on Apr 6, 2026

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to...
High (Unreviewed): CVE-2019-25685 was published on Apr 5, 2026

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin...
Critical (Unreviewed): CVE-2019-25687 was published on Apr 5, 2026

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers...
High (Unreviewed): CVE-2019-25671 was published on Apr 5, 2026

A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this...
Moderate (Unreviewed): CVE-2026-5595 was published on Apr 5, 2026

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown...
Moderate (Unreviewed): CVE-2026-5535 was published on Apr 5, 2026

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up...
High (Unreviewed): CVE-2026-3666 was published on Apr 4, 2026

Code Extension Marketplace: Zip Slip Path Traversal
High: CVE-2026-35454 was published for github.com/coder/code-marketplace (Go) on Apr 4, 2026

Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write
High: CVE-2026-35214 was published for @budibase/server (npm) on Apr 4, 2026

goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Critical: CVE-2026-35471 was published for github.com/patrickhener/goshs (Go) on Apr 3, 2026

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file...
High (Unreviewed): CVE-2026-22661 was published on Apr 3, 2026

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal...
Critical (Unreviewed): CVE-2026-28373 was published on Apr 3, 2026

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input...
High (Unreviewed): CVE-2025-59711 was published on Apr 3, 2026

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal...
High (Unreviewed): CVE-2026-4350 was published on Apr 3, 2026

goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
Critical: CVE-2026-35393 was published for github.com/patrickhener/goshs (Go) on Apr 3, 2026

goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
Critical: CVE-2026-35392 was published for github.com/patrickhener/goshs (Go) on Apr 3, 2026

Kedro: Path Traversal in versioned dataset loading via unsanitized version string
High: CVE-2026-35167 was published for kedro (pip) on Apr 3, 2026

OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read
Moderate: GHSA-58q2-7r52-jq62 was published for openclaw (npm) on Apr 3, 2026

OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read
High: GHSA-f6pf-4gjx-c94r was published for openclaw (npm) on Apr 3, 2026
ProTip! Advisories are also available from the GraphQL API.