GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
65 advisories
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
High • CVE-2023-51449 was published for gradio (pip) • Dec 21, 2023

Download to arbitrary folder can lead to RCE
High • CVE-2023-47890 was published for pyload-ng (pip) • Nov 21, 2023

copyparty vulnerable to path traversal attack
High • CVE-2023-37474 was published for copyparty (pip) • Jul 14, 2023

ethyca-fides Webserver API Path Traversal vulnerability
High • CVE-2023-36827 was published for ethyca-fides (pip) • Jul 6, 2023

Duplicate Advisory: Starlette vulnerable to directory traversal
High • GHSA-qj8w-rv5x-2v9h was published for starlette (pip) • Jun 1, 2023 • withdrawn

Any file can be included with the pymdown-snippets extension
High • CVE-2023-32309 was published for pymdown-extensions (pip) • May 15, 2023

mlflow vulnerable to directory traversal
High • CVE-2023-30172 was published for mlflow (pip) • May 11, 2023

mindsdb arbitrary file write when extracting a remotely retrieved Tarball
High • CVE-2023-30620 was published for mindsdb (pip) • Mar 30, 2023

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
High • CVE-2022-23522 was published for mindsdb (pip) • Mar 30, 2023

sviehb/jefferson vulnerable to path traversal
High • CVE-2022-4885 was published for jefferson (pip) • Jan 11, 2023

UBI Reader vulnerable to Path Traversal
High • CVE-2022-4572 was published for ubi-reader (pip) • Dec 17, 2022

rdiffweb Path Traversal vulnerability
High • CVE-2022-3389 was published for rdiffweb (pip) • Oct 6, 2022

sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
High • CVE-2022-35920 was published for sanic (pip) • Aug 6, 2022

koji hub allows arbitrary upload destinations
High • CVE-2019-17109 was published for koji (pip) • May 24, 2022

Pallets Werkzeug vulnerable to Path Traversal
High • CVE-2019-14322 was published for werkzeug (pip) • May 24, 2022

Tryton Directory Traversal vulnerability
High • CVE-2013-4510 was published for trytond (pip) • May 17, 2022

Django Directory Traversal via ssi template tag
High • CVE-2013-4315 was published for django (pip) • May 17, 2022

Sanic arbitrary file read and directory traversal
High • CVE-2017-16762 was published for sanic (pip) • May 17, 2022

uWSGI Directory Traversal vulnerability
High • CVE-2018-7490 was published for uWSGI (pip) • May 14, 2022

Django Admin Media Handler Vulnerable to Directory Traversal
High • CVE-2009-2659 was published for Django (pip) • May 2, 2022

CherryPy Malicious cookies allow access to files outside the session directory
High • CVE-2008-0252 was published for cherrypy (pip) • May 1, 2022

CherryPy Directory traversal vulnerability
High • CVE-2006-0847 was published for cherrypy (pip) • May 1, 2022