GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
  All reviewed     5,000+
  Composer         4,968
  Erlang           39
  GitHub Actions   38
  Go               2,616
  Maven            5,000+
  npm              4,255
  NuGet            760
  pip              4,040
  Pub              12
  RubyGems         953
  Rust             1,050
  Swift            45

Unreviewed advisories:
  All unreviewed   5,000+
37 advisories

Diffoscope may write to arbitrary locations due to an untrusted archive
  Critical | CVE-2017-0359 | diffoscope (pip) | published Jul 13, 2018

Arbitrary file reading vulnerability in Aim
  Critical | CVE-2021-43775 | aim (pip) | published Nov 23, 2021

Files on the host computer can be accessed from the Gradio interface
  Critical | CVE-2021-43831 | gradio (pip) | published Jan 21, 2022

SaltStack Salt Directory traversal vulnerability in minion id validation
  Critical | CVE-2017-14695 | salt (pip) | published May 17, 2022

SaltStack Salt Directory traversal vulnerability in minion id validation
  Critical | CVE-2017-12791 | salt (pip) | published May 17, 2022

Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
  Critical | CVE-2016-1505 | Radicale (pip) | published May 17, 2022

Path Traversal in django-s3file
  Critical | CVE-2022-24840 | django-s3file (pip) | published Jun 6, 2022

SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
  Critical | CVE-2022-31506 | opendiamond (pip) | published Jul 12, 2022

ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
  Critical | CVE-2022-31573 | chainerrl-visualizer (pip) | published Jul 12, 2022

Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
  Critical | CVE-2022-31558 | shiva (pip) | published Jul 12, 2022

Ganga allows absolute path traversal
  Critical | CVE-2022-31507 | ganga (pip) | published Jul 13, 2022

py7zr directory traversal vulnerability
  Critical | CVE-2022-44900 | py7zr (pip) | published Dec 6, 2022

mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
  Critical | CVE-2023-1177 | mlflow (pip) | published Mar 24, 2023

MLflow allowed arbitrary files to be PUT onto the server
  Critical | CVE-2023-6015 | mlflow (pip) | published Nov 16, 2023

PaddlePaddle Path Traversal vulnerability
  Critical | CVE-2024-0818 | paddlepaddle (pip) | published Mar 7, 2024

pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
  Critical | CVE-2024-2044 | pgAdmin4 (pip) | published Mar 7, 2024

Lektor does not sanitize database path traversal
  Critical | CVE-2024-28335 | Lektor (pip) | published Mar 27, 2024

parisneo/lollms Local File Inclusion (LFI) attack
  Critical | CVE-2024-4315 | lollms (pip) | published Jun 12, 2024

pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
  Critical | CVE-2024-5980 | lightning (pip) | published Jun 27, 2024

TorchServe vulnerable to bypass of allowed_urls configuration
  Critical | CVE-2024-35198 | torchserve (pip) | published Jul 18, 2024
        
Advisories are also available from the GraphQL API.