GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,545 advisories
tar has Hardlink Path Traversal via Drive-Relative Linkpath
High | CVE-2026-29786 was published for tar (npm) | Mar 5, 2026
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path...
High | Unreviewed | CVE-2026-0847 was published | Mar 4, 2026
changedetection.io has Zip Slip vulnerability in the backup restore functionality
High | CVE-2026-29065 was published for changedetection.io (pip) | Mar 4, 2026
OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
High | CVE-2026-27523 was published for openclaw (npm) | Mar 3, 2026
OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot
High | GHSA-xmv6-r34m-62p4 was published for openclaw (npm) | Mar 3, 2026
OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
High | CVE-2026-32007 was published for openclaw (npm) | Mar 3, 2026
OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
High | CVE-2026-32030 was published for openclaw (npm) | Mar 3, 2026
OpenClaw DM pairing-store identities could satisfy group allowlist authorization
High | CVE-2026-32027 was published for openclaw (npm) | Mar 3, 2026
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
High | CVE-2026-32036 was published for openclaw (npm) | Mar 3, 2026
OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading
High | CVE-2026-28393 was published for openclaw (npm) | Mar 3, 2026
BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
High | CVE-2026-27905 was published for bentoml (pip) | Mar 3, 2026
OpenViking contains a Path Traversal vulnerability
High | CVE-2026-28518 was published for openviking (pip) | Mar 3, 2026
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all...
High | Unreviewed | CVE-2026-2448 was published | Mar 3, 2026
OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
High | CVE-2026-27522 was published for openclaw (npm) | Mar 2, 2026
OpenClaw has Zip Slip path traversal in tar archive extraction
High | CVE-2026-28453 was published for openclaw (npm) | Mar 2, 2026
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
High | GHSA-jq4x-98m3-ggq6 was published for openclaw (npm) | Mar 2, 2026
OpenChatBI has a Path Traversal Vulnerability in save_report Tool
High | CVE-2026-28795 was published for openchatbi (pip) | Mar 2, 2026
In openFile of BugreportContentProvider.java, there is a possible way to read and write...
High | Unreviewed | CVE-2025-48636 was published | Mar 2, 2026
In multiple locations, there is a possible bypass of a file path filter designed to prevent...
High | Unreviewed | CVE-2025-48567 was published | Mar 2, 2026
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
High | CVE-2026-28414 was published for gradio (pip) | Mar 1, 2026
kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories
High | CVE-2026-28406 was published for github.com/chainguard-dev/kaniko (Go) | Mar 1, 2026
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google...
High | Unreviewed | CVE-2026-3223 was published | Feb 27, 2026
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI...
High | Unreviewed | CVE-2026-21659 was published | Feb 27, 2026
Vikunja has Path Traversal in CLI Restore
High | CVE-2026-27819 was published for code.vikunja.io/api (Go) | Feb 26, 2026
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to...
High | Unreviewed | CVE-2026-1311 was published | Feb 26, 2026
ProTip! Advisories are also available from the GraphQL API.