GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
364 advisories
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Moderate | GHSA-766v-q9x3-g744 was published for praisonaiagents (pip) | Apr 8, 2026
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
Moderate | CVE-2026-39844 was published for nicegui (pip) | Apr 8, 2026
Emmett has a path traversal in internal assets handler
High | CVE-2026-39847 was published for emmett (pip) | Apr 8, 2026
pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass
Moderate | CVE-2026-35592 was published for pyload-ng (pip) | Apr 8, 2026
PraisonAI Has Path Traversal in FileTools
Critical | CVE-2026-35615 was published for PraisonAI (pip) | Apr 6, 2026
PraisonAI recipe registry publish path traversal allows out-of-root file write
High | CVE-2026-39308 was published for PraisonAI (pip) | Apr 6, 2026
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
High | CVE-2026-39306 was published for PraisonAI (pip) | Apr 6, 2026
PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator
Critical | CVE-2026-39305 was published for PraisonAI (pip) | Apr 6, 2026
PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction
High | CVE-2026-39307 was published for PraisonAI (pip) | Apr 6, 2026
kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write
Moderate | CVE-2026-35492 was published for kedro-datasets (pip) | Apr 6, 2026
Kedro: Path Traversal in versioned dataset loading via unsanitized version string
High | CVE-2026-35167 was published for kedro (pip) | Apr 3, 2026
ONNX: TOCTOU arbitrary file read/write in save_external_dat
High | GHSA-q56x-g2fj-4rj6 was published for onnx (pip) | Apr 1, 2026
Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Moderate | CVE-2026-34730 was published for copier (pip) | Apr 1, 2026
Copier `_subdirectory` allows template root escape via parent-directory traversal
Moderate | CVE-2026-34726 was published for copier (pip) | Apr 1, 2026
Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
High | CVE-2026-34591 was published for poetry (pip) | Apr 1, 2026
ONNX: External Data Symlink Traversal
Moderate | CVE-2026-34447 was published for onnx (pip) | Apr 1, 2026
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate | CVE-2026-34446 was published for onnx (pip) | Apr 1, 2026
SciTokens has an Authorization Bypass via Path Traversal in Scope Validation
High | CVE-2026-32727 was published for scitokens (pip) | Mar 31, 2026
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions
High | CVE-2026-34070 was published for langchain-core (pip) | Mar 27, 2026
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Moderate | CVE-2026-28786 was published for open-webui (pip) | Mar 27, 2026
Indico discloses local files resulting in Remote Code Execution through LaTeX injection
High | CVE-2026-33046 was published for indico (pip) | Mar 23, 2026
langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
High | CVE-2026-33497 was published for langflow (pip) | Mar 20, 2026
pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
High | CVE-2026-32711 was published for pydicom (pip) | Mar 20, 2026
PyMuPDF has a path traversal in _main_.py
Moderate | CVE-2026-3029 was published for PyMuPDF (pip) | Mar 19, 2026
Langflow has an Arbitrary File Write (RCE) via v2 API
Critical | CVE-2026-33309 was published for langflow (pip) | Mar 19, 2026
ProTip! Advisories are also available from the GraphQL API.