GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

514 advisories

Files on the host computer can be accessed from the Gradio interface High
CVE-2021-43831 was published for gradio (pip) Jan 21, 2022
haby0
Flask-Cors Directory Traversal vulnerability High
CVE-2020-25032 was published for Flask-Cors (pip) May 6, 2021
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Django Directory Traversal via ssi template tag High
CVE-2013-4315 was published for django (pip) May 17, 2022
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Django Admin Media Handler Vulnerable to Directory Traversal High
CVE-2009-2659 was published for Django (pip) May 2, 2022
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
RChutchev
copyparty vulnerable to path traversal attack High
CVE-2023-37474 was published for copyparty (pip) Jul 14, 2023
TheHackyDog
CherryPy Malicious cookies allow access to files outside the session directory High
CVE-2008-0252 was published for cherrypy (pip) May 1, 2022
anonymous4ACL24
CherryPy Directory traversal vulnerability High
CVE-2006-0847 was published for cherrypy (pip) May 1, 2022
Directory Traversal in Babel High
CVE-2021-42771 was published for babel (pip) Oct 21, 2021
Path traversal vulnerability in stripe-cli High
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Path Traversal in Ansible High
CVE-2020-1737 was published for ansible (pip) Apr 20, 2021
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
@actions/download-artifact has an Arbitrary File Write via artifact extraction High
GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024
holmanb
Arbitrary file reading vulnerability in Aim High
CVE-2021-43775 was published for aim (pip) Nov 23, 2021
haby0
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024