GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
446 advisories
Filter by severity
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File...
High
Unreviewed
CVE-2026-8920
was published
Jul 15, 2026
Anyquery: Local File Read (LFR) via Unrestricted SQLite Virtual Table Modules in Server Mode
High
CVE-2026-54629
was published
for
github.com/julien040/anyquery
(Go)
Jul 14, 2026
yutu: Arbitrary File Write via MCP `caption-download` Tool
High
CVE-2026-50158
was published
for
github.com/eat-pray-ai/yutu
(Go)
Jul 14, 2026
Anyquery: Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) via Unrestricted ATTACH DATABASE in Server Mode
Critical
CVE-2026-50006
was published
for
github.com/julien040/anyquery
(Go)
Jul 14, 2026
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an...
High
Unreviewed
CVE-2026-50462
was published
Jul 14, 2026
External control of file name or path in SQL Server allows an authorized attacker to elevate...
High
Unreviewed
CVE-2026-55002
was published
Jul 14, 2026
External control of file name or path in Microsoft Office SharePoint allows an authorized...
Moderate
Unreviewed
CVE-2026-54108
was published
Jul 14, 2026
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including...
High
Unreviewed
CVE-2026-15736
was published
Jul 14, 2026
mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that...
Critical
Unreviewed
CVE-2026-61462
was published
Jul 13, 2026
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element...
Low
Unreviewed
CVE-2026-15540
was published
Jul 13, 2026
OpenPLC Runtime v3 contains an authenticated arbitrary file write
vulnerability in the legacy...
High
Unreviewed
CVE-2026-14480
was published
Jul 11, 2026
mcp-atlassian: Arbitrary server-side file read via attachment upload
High
GHSA-wm45-qh3g-v83f
was published
for
mcp-atlassian
(pip)
Jul 10, 2026
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS...
High
Unreviewed
CVE-2026-59793
was published
Jul 10, 2026
psd-tools vulnerable to arbitrary file write via smart-object filename
Moderate
CVE-2026-49836
was published
for
psd-tools
(pip)
Jul 9, 2026
Rattler vulnerable to package cache path traversal via conda package build string
Moderate
CVE-2026-53956
was published
for
py_rattler
(pip)
Jul 9, 2026
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
High
GHSA-52vm-mxx8-f227
was published
for
phantom-audio
(pip)
Jul 9, 2026
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows...
High
Unreviewed
CVE-2026-59807
was published
Jul 8, 2026
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project ...
High
Unreviewed
CVE-2026-49145
was published
Jul 8, 2026
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
Moderate
CVE-2026-53508
was published
for
github.com/oasdiff/oasdiff
(Go)
Jul 7, 2026
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File...
High
Unreviewed
CVE-2026-6101
was published
Jul 7, 2026
EGroupware Vulnerable to Local File Inclusion via file:// URI in Mail Compose
Moderate
CVE-2026-45016
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2026
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized...
High
Unreviewed
CVE-2026-58293
was published
Jul 3, 2026
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user...
High
Unreviewed
CVE-2026-8921
was published
Jul 3, 2026
Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB
High
CVE-2026-49360
was published
for
recce
(pip)
Jul 2, 2026
Mautic vulnerable to Path Traversal via Campaign Import
Critical
CVE-2026-9559
was published
for
mautic/core
(Composer)
Jul 2, 2026
ProTip!
Advisories are also available from the
GraphQL API