Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,766
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

79 advisories

Loading
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs High
CVE-2022-35920 was published for sanic (pip) Aug 6, 2022
Pallets Werkzeug vulnerable to Path Traversal High
CVE-2019-14322 was published for werkzeug (pip) May 24, 2022
Path traversal in binwalk High
CVE-2022-4510 was published for binwalk (pip) Jan 26, 2023
qkaiser
Duplicate Advisory: Starlette vulnerable to directory traversal High
GHSA-qj8w-rv5x-2v9h was published for starlette (pip) Jun 1, 2023 withdrawn
ethyca-fides Webserver API Path Traversal vulnerability High
CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023
daveqnet
sviehb/jefferson vulnerable to path traversal High
CVE-2022-4885 was published for jefferson (pip) Jan 11, 2023
Any file can be included with the pymdown-snippets extension High
CVE-2023-32309 was published for pymdown-extensions (pip) May 15, 2023
itlabbet tvalenta
mflow vulnerable to directory traversal High
CVE-2023-30172 was published for mlflow (pip) May 11, 2023
Path traversal in MLflow High
CVE-2023-6753 was published for mlflow (pip) Dec 13, 2023
Download to arbitrary folder can lead to RCE High
CVE-2023-47890 was published for pyload-ng (pip) Nov 21, 2023
vergl4s
Path traversal in flaskcode High
CVE-2023-52288 was published for flaskcode (pip) Jan 13, 2024
Path traversal in flaskcode High
CVE-2023-52289 was published for flaskcode (pip) Jan 13, 2024
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Gradio Path Traversal vulnerability High
CVE-2024-0964 was published for gradio (pip) Feb 6, 2024
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks High
CVE-2023-51449 was published for gradio (pip) Dec 21, 2023
Yaniv-git nvn1729
Allegro AI ClearML path traversal vulnerability High
CVE-2024-24591 was published for clearml (pip) Feb 6, 2024
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
Gradio Local File Inclusion vulnerability High
CVE-2024-1728 was published for gradio (pip) Apr 10, 2024
NiceGUI allows potential access to local file system High
CVE-2024-32005 was published for nicegui (pip) Apr 12, 2024
sunriseXu
mlflow vulnerable to Path Traversal High
CVE-2024-1560 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1593 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1594 was published for mlflow (pip) Apr 16, 2024
Path traversal in saltstack High
CVE-2024-22232 was published for salt (pip) Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change High
CVE-2024-6085 was published for lollms (pip) Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database