Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

364 advisories

Loading
NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite High
CVE-2026-33236 was published for nltk (pip) Mar 19, 2026
Arbitrary file write via tar traversal in mlflow High
CVE-2025-15031 was published for mlflow (pip) Mar 19, 2026
Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion Critical
CVE-2026-33054 was published for mesop (pip) Mar 18, 2026
liyander Credited to liyander
Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite High
CVE-2026-32116 was published for magic-wormhole (pip) Mar 13, 2026
ikmckenz Credited to ikmckenz
Black: Arbitrary file writes from unsanitized user input in cache file name High
CVE-2026-32274 was published for black (pip) Mar 12, 2026
fg0x0 Credited to fg0x0
MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment Critical
CVE-2026-27825 was published for mcp-atlassian (pip) Mar 10, 2026
yotampe-pluto Credited to yotampe-pluto and gil-maman-p gil-maman-p gil-maman-p
RAGAS has an Arbitrary File Read vulnerability High
CVE-2025-45691 was published for ragas (pip) Mar 5, 2026
adithyan-ak Credited to adithyan-ak
dbt-common's commonprefix() doesn't protect against path traversal Low
CVE-2026-29790 was published for dbt-common (pip) Mar 5, 2026
sethmlarson Credited to sethmlarson and emmyoop emmyoop emmyoop
eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write Moderate
CVE-2026-29780 was published for eml-parser (pip) Mar 5, 2026
redyank Credited to redyank
NLTK has a Path Traversal issue High
CVE-2026-0847 was published for nltk (pip) Mar 4, 2026
changedetection.io has Zip Slip vulnerability in the backup restore functionality High
CVE-2026-29065 was published for changedetection.io (pip) Mar 4, 2026
pussycat0x Credited to pussycat0x and neo-ai-engineer neo-ai-engineer neo-ai-engineer
BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction High
CVE-2026-27905 was published for bentoml (pip) Mar 3, 2026
q1uf3ng Credited to q1uf3ng
OpenViking contains a Path Traversal vulnerability High
CVE-2026-28518 was published for openviking (pip) Mar 3, 2026
OpenChatBI has a Path Traversal Vulnerability in save_report Tool High
CVE-2026-28795 was published for openchatbi (pip) Mar 2, 2026
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+ High
CVE-2026-28414 was published for gradio (pip) Mar 1, 2026
nvn1729 Credited to nvn1729
mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries Moderate
CVE-2026-27735 was published for mcp-server-git (pip) Feb 26, 2026
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2026-27641 was published for flask-reuploaded (pip) Feb 25, 2026
cjaron03 Credited to cjaron03
MindsDB: Path Traversal in /api/files Leading to Remote Code Execution High
CVE-2026-27483 was published for mindsdb (pip) Feb 24, 2026
XlabAITeam Credited to XlabAITeam
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability High
CVE-2026-2033 was published for mlflow (pip) Feb 21, 2026
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL High
CVE-2026-25640 was published for pydantic-ai (pip) Feb 6, 2026
doredry Credited to doredry, urioren, and amiteliahu urioren urioren
amiteliahu amiteliahu
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK Critical
CVE-2026-25592 was published for Microsoft.SemanticKernel.Core (NuGet) Feb 6, 2026
doredry Credited to doredry, amiteliahu, and urioren amiteliahu amiteliahu
urioren urioren
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write High
CVE-2026-25732 was published for nicegui (pip) Feb 5, 2026
k14uz Credited to k14uz, falkoschindler, and evnchn falkoschindler falkoschindler
evnchn evnchn
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write Critical
CVE-2025-64712 was published for unstructured (pip) Feb 3, 2026
pip Path Traversal vulnerability Low
CVE-2026-1703 was published for pip (pip) Feb 2, 2026
Python-Multipart has Arbitrary File Write via Non-Default Configuration High
CVE-2026-24486 was published for python-multipart (pip) Jan 26, 2026
mwlik Credited to mwlik, imenyoo2, and davidsilveiro imenyoo2 imenyoo2
davidsilveiro davidsilveiro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database