GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
28,315 advisories
pnpm has Path Traversal via arbitrary file permission modification
Moderate
CVE-2026-24131
was published
for
pnpm
(npm)
Jan 26, 2026
BentoML has a Path Traversal via Bentofile Configuration
High
CVE-2026-24123
was published
for
bentoml
(pip)
Jan 26, 2026
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Moderate
CVE-2026-23888
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm has Windows-specific tarball Path Traversal
Moderate
CVE-2026-23889
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin
Moderate
CVE-2026-23890
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm has symlink traversal in file:/git dependencies
Moderate
CVE-2026-24056
was published
for
pnpm
(npm)
Jan 26, 2026
Withdrawn Advisory: eslint has a Stack Overflow when serializing objects with circular references
Moderate
CVE-2025-50537
was published
for
eslint
(npm)
Jan 26, 2026
•
withdrawn
phpMyFAQ: Public API endpoints expose emails and invisible questions
Moderate
CVE-2026-24422
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
Moderate
CVE-2026-24421
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
Moderate
CVE-2026-24420
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
Moderate
CVE-2026-24128
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jan 23, 2026
ProTip!
Advisories are also available from the
GraphQL API