GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
392 advisories
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
High | GHSA-57gh-m6rq-54cf was published for openclaw (npm) | Apr 3, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical | CVE-2026-34361 was published for ca.uhn.hapi.fhir:org.hl7.fhir.validation (Maven) | Mar 30, 2026
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line...
Moderate | Unreviewed | CVE-2021-4474 was published | Mar 26, 2026
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he...
High | Unreviewed | CVE-2026-4760 was published | Mar 25, 2026
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
Moderate | CVE-2026-32750 was published for github.com/siyuan-note/siyuan (Go) | Mar 16, 2026
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that...
High | Unreviewed | CVE-2016-20025 was published | Mar 16, 2026
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Moderate | CVE-2026-29066 was published for @tinacms/cli (npm) | Mar 12, 2026
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2018-25164 was published | Mar 6, 2026
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas...
Critical | Unreviewed | CVE-2026-2331 was published | Mar 6, 2026
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due...
Critical | Unreviewed | CVE-2026-2330 was published | Mar 6, 2026
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical...
Moderate | Unreviewed | CVE-2026-24732 was published | Mar 4, 2026
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers...
High | Unreviewed | CVE-2020-37082 was published | Feb 4, 2026
Arbitrary file deletion vulnerability has been identified in a system function of mobility...
High | Unreviewed | CVE-2025-37168 was published | Jan 13, 2026
An arbitrary file deletion vulnerability has been identified in the command-line interface of...
Moderate | Unreviewed | CVE-2025-37177 was published | Jan 13, 2026
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file...
Critical | Unreviewed | CVE-2025-69990 was published | Jan 13, 2026
The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in...
Moderate | Unreviewed | CVE-2025-12648 was published | Jan 7, 2026
Picklescan vulnerable to Arbitrary File Writing
High | GHSA-m273-6v24-x4m4 was published for picklescan (pip) | Dec 29, 2025
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure...
High | Unreviewed | CVE-2019-25239 was published | Dec 24, 2025
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows...
High | Unreviewed | CVE-2018-25145 was published | Dec 24, 2025
due to insufficient sanitization in Vega’s `convert()` function when `safeMode` is enabled and...
High | Unreviewed | CVE-2025-14896 was published | Dec 18, 2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14442 was published | Dec 12, 2025
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Moderate | CVE-2025-66625 was published for Umbraco.Cms (NuGet) | Dec 9, 2025
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to,...
Moderate | Unreviewed | CVE-2025-12747 was published | Nov 21, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-12894 was published | Nov 21, 2025
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Moderate | Unreviewed | CVE-2025-13225 was published | Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API.