GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Diffoscope may write to arbitrary locations due to an untrusted archive
Critical
CVE-2017-0359
was published
for
diffoscope
(pip)
Jul 13, 2018
Arbitrary file reading vulnerability in Aim
Critical
CVE-2021-43775
was published
for
aim
(pip)
Nov 23, 2021
Files on the host computer can be accessed from the Gradio interface
Critical
CVE-2021-43831
was published
for
gradio
(pip)
Jan 21, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-14695
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
Critical
CVE-2016-1505
was published
for
Radicale
(pip)
May 17, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31506
was published
for
opendiamond
(pip)
Jul 12, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31558
was published
for
shiva
(pip)
Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical
CVE-2022-31573
was published
for
chainerrl-visualizer
(pip)
Jul 12, 2022
Ganga allows absolute path traversal
Critical
CVE-2022-31507
was published
for
ganga
(pip)
Jul 13, 2022
py7zr directory traversal vulnerability
Critical
CVE-2022-44900
was published
for
py7zr
(pip)
Dec 6, 2022
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
MLflow allowed arbitrary files to be PUT onto the server
Critical
CVE-2023-6015
was published
for
mlflow
(pip)
Nov 16, 2023
PaddlePaddle Path Traversal vulnerability
Critical
CVE-2024-0818
was published
for
paddlepaddle
(pip)
Mar 7, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
Lektor does not sanitize database path traversal
Critical
CVE-2024-28335
was published
for
Lektor
(pip)
Mar 27, 2024
parisneo/lollms Local File Inclusion (LFI) attack
Critical
CVE-2024-4315
was published
for
lollms
(pip)
Jun 12, 2024
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
ProTip!
Advisories are also available from the
GraphQL API