GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

552 advisories

NiceGUI allows potential access to local file system High
CVE-2024-32005 was published for nicegui (pip) Apr 12, 2024
sunriseXu
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Gradio Local File Inclusion vulnerability High
CVE-2024-1728 was published for gradio (pip) Apr 10, 2024
gin-vue-admin background arbitrary code coverage vulnerability High
CVE-2024-31457 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) Apr 9, 2024
Grav File Upload Path Traversal High
CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
richighimi
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik
GeoServer log file path traversal vulnerability High
CVE-2023-41877 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
Anthares101 sumiitgurjar
Container escape at build time High
GHSA-pmf3-c36m-g5cf was published for github.com/containers/buildah (Go) Mar 19, 2024
rmcnamara-snyk
Path traversal in flaskcode Devan-Kerman ARRP High
CVE-2024-24042 was published for net.devtech:arrp (Maven) Mar 19, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification High
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
Onnx Directory Traversal vulnerability High
CVE-2024-27318 was published for onnx (pip) Feb 23, 2024
iarspider
`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Allegro AI ClearML path traversal vulnerability High
CVE-2024-24591 was published for clearml (pip) Feb 6, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal High
CVE-2024-23673 was published for org.apache.sling:org.apache.sling.servlets.resolver (Maven) Feb 6, 2024
Gradio Path Traversal vulnerability High
CVE-2024-0964 was published for gradio (pip) Feb 6, 2024
Grafana path traversal High
CVE-2021-43798 was published for github.com/grafana/grafana (Go) Feb 1, 2024
jordyv
aiohttp is vulnerable to directory traversal High
CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024
lcttty solarpeng502
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Path traversal in flaskcode High
CVE-2023-52288 was published for flaskcode (pip) Jan 13, 2024
Path traversal in flaskcode High
CVE-2023-52289 was published for flaskcode (pip) Jan 13, 2024
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks High
CVE-2023-51449 was published for gradio (pip) Dec 21, 2023
Yaniv-git nvn1729
GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182 High
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska