GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8,159 advisories
gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Critical
CVE-2026-40258
was published
for
gramps-webapi
(pip)
Apr 10, 2026
Rembg has a Path Traversal via Custom Model Loading
Moderate
CVE-2026-40086
was published
for
rembg
(pip)
Apr 10, 2026
xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Moderate
GHSA-vj8v-p5vw-m6v5
was published
for
xrootd
(pip)
Apr 10, 2026
uv vulnerable to arbitrary file deletion through RECORD entries
Low
GHSA-pjjw-68hj-v9mw
was published
for
uv
(pip)
Apr 10, 2026
Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read
High
CVE-2026-40163
was published
for
@saltcorn/server
(npm)
Apr 10, 2026
PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`
Critical
CVE-2026-40157
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
Moderate
CVE-2026-40152
was published
for
praisonaiagents
(pip)
Apr 10, 2026
Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Moderate
CVE-2026-35206
was published
for
helm.sh/helm/v3
(Go)
Apr 10, 2026
Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
High
CVE-2026-35204
was published
for
helm.sh/helm/v4
(Go)
Apr 10, 2026
AGiXT Vulnerable to Path Traversal in safe_join()
High
CVE-2026-39981
was published
for
agixt
(pip)
Apr 8, 2026
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Moderate
GHSA-766v-q9x3-g744
was published
for
praisonaiagents
(pip)
Apr 8, 2026
quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class
Moderate
CVE-2026-40180
was published
for
io.quarkiverse.openapi.generator:quarkus-openapi-generator
(Maven)
Apr 8, 2026
ProTip!
Advisories are also available from the
GraphQL API