GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

175 advisories

Duplicate Advisory: Starlette vulnerable to directory traversal High
GHSA-qj8w-rv5x-2v9h was published for starlette (pip) Jun 1, 2023 withdrawn
Starlette has Path Traversal vulnerability in StaticFiles Moderate
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
Any file can be included with the pymdown-snippets extension High
CVE-2023-32309 was published for pymdown-extensions (pip) May 15, 2023
itlabbet tvalenta
mlflow vulnerable to directory traversal High
CVE-2023-30172 was published for mlflow (pip) May 11, 2023
pretalx vulnerable to path traversal in HTML export High
CVE-2023-28459 was published for pretalx (pip) Apr 20, 2023
pretalx allows path traversal in HTML export Moderate
CVE-2023-28458 was published for pretalx (pip) Apr 20, 2023
mindsdb arbitrary file write when extracting a remotely retrieved Tarball High
CVE-2023-30620 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location Moderate
CVE-2022-23522 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
pgAdmin 4 vulnerable to directory traversal Moderate
CVE-2023-0241 was published for pgadmin4 (pip) Mar 27, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs Critical
CVE-2023-1177 was published for mlflow (pip) Mar 24, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment Moderate
CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment Moderate
CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023
Path traversal in ubi-reader Moderate
CVE-2023-0591 was published for ubi-reader (pip) Jan 31, 2023
qkaiser
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal Moderate
CVE-2022-47951 was published for cinder (pip) Jan 27, 2023
Directory Traversal in onnx High
CVE-2022-25882 was published for onnx (pip) Jan 26, 2023
Path traversal in binwalk High
CVE-2022-4510 was published for binwalk (pip) Jan 26, 2023
qkaiser
Path traversal in spotipy Moderate
CVE-2023-23608 was published for spotipy (pip) Jan 23, 2023
Shaderbug
sviehb/jefferson vulnerable to path traversal High
CVE-2022-4885 was published for jefferson (pip) Jan 11, 2023
UBI Reader vulnerable to Path Traversal Moderate
CVE-2022-4572 was published for ubi-reader (pip) Dec 17, 2022
py7zr directory traversal vulnerability Critical
CVE-2022-44900 was published for py7zr (pip) Dec 6, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Low
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
rdiffweb Path Traversal vulnerability High
CVE-2022-3389 was published for rdiffweb (pip) Oct 6, 2022
Streamlit directory traversal vulnerability Moderate
CVE-2022-35918 was published for streamlit (pip) Aug 6, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs High
CVE-2022-35920 was published for sanic (pip) Aug 6, 2022