GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Reviewed advisories by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 70; GitHub Actions 52; Go 3,904; Maven 5,000+; npm 5,000+; NuGet 967; pip 5,000+; Pub 13; RubyGems 1,062; Rust 1,374; Swift 54. Unreviewed advisories: 5,000+.

367 advisories match the current filter; the 25 most recent are listed below, newest first.
Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
  CVE-2026-42593 · Moderate · github.com/gotenberg/gotenberg/v8 (Go) · published May 7, 2026

Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
  CVE-2026-42845 · High · getgrav/grav-plugin-form (Composer) · published May 6, 2026

changedetection.io has an Arbitrary Local File Read via a crafted backup restore
  CVE-2026-43891 · High · changedetection.io (pip) · published May 5, 2026

@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
  GHSA-cfcj-hqpf-hccf · High · @evomap/evolver (npm) · published May 5, 2026

Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
  CVE-2026-40893 · High · github.com/gotenberg/gotenberg/v8 (Go) · published May 4, 2026

A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function...
  CVE-2026-7633 · Moderate, unreviewed · published May 2, 2026

i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
  CVE-2026-41693 · High · i18next-fs-backend (npm) · published Apr 22, 2026

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path...
  CVE-2026-4132 · High, unreviewed · published Apr 22, 2026

nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
  CVE-2026-39377 · Moderate · nbconvert (pip) · published Apr 21, 2026

Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files
  GHSA-qc5j-2mqx-x83q · Moderate · openclaw (npm) · published Apr 20, 2026 · withdrawn

OpenClaw: Webchat media embedding enforces local-root containment for tool-result files
  CVE-2026-41389 · Moderate · openclaw (npm) · published Apr 17, 2026

Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath
  GHSA-3pw3-v88x-xj24 · Moderate · @paperclipai/shared (npm) · published Apr 16, 2026

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an...
  CVE-2026-39907 · High, unreviewed · published Apr 15, 2026

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to...
  CVE-2026-5809 · High, unreviewed · published Apr 11, 2026

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This...
  CVE-2026-5054 · High, unreviewed · published Apr 11, 2026

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability...
  CVE-2026-5053 · High, unreviewed · published Apr 11, 2026

Rembg has a Path Traversal via Custom Model Loading
  CVE-2026-40086 · Moderate · rembg (pip) · published Apr 10, 2026

OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration
  CVE-2026-42424 · Moderate · openclaw (npm) · published Apr 9, 2026

Gotenberg has an incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
  GHSA-qmwh-9m9c-h36m · High · github.com/gotenberg/gotenberg/v8 (Go) · published Apr 7, 2026

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT...
  CVE-2025-65115 · High, unreviewed · published Apr 7, 2026

Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites
  CVE-2026-34783 · High · github.com/MontFerret/ferret (Go) · published Apr 1, 2026

SillyTavern has a path traversal in `/api/chats/import` that allows arbitrary file write outside the intended chat directory
  CVE-2026-34522 · High · sillytavern (npm) · published Apr 1, 2026

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod...
  CVE-2026-30289 · High, unreviewed · published Apr 1, 2026

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4...
  CVE-2026-30287 · High, unreviewed · published Apr 1, 2026

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows...
  CVE-2026-30292 · High, unreviewed · published Apr 1, 2026
Advisories are also available from the GitHub GraphQL API.