GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
358 advisories
Filter by severity
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Moderate
CVE-2024-50336
was published
for
matrix-js-sdk
(npm)
Nov 12, 2024
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
changedetection.io Path Traversal
Moderate
CVE-2024-51483
was published
for
changedetection.io
(pip)
Nov 1, 2024
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Werkzeug safe_join not safe on Windows
Moderate
CVE-2024-49766
was published
for
Werkzeug
(pip)
Oct 25, 2024
Path traversal in redaxo
Moderate
CVE-2024-46212
was published
for
redaxo/source
(Composer)
Oct 16, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has a one-level read path traversal in `/custom_component`
Moderate
CVE-2024-47166
was published
for
gradio
(pip)
Oct 10, 2024
Gradio's `is_in_or_equal` function may be bypassed
Moderate
CVE-2024-47164
was published
for
gradio
(pip)
Oct 10, 2024
open-webui allows writing and deleting arbitrary files
Moderate
CVE-2024-7037
was published
for
open-webui
(pip)
Oct 9, 2024
Buildah allows arbitrary directory mount
Moderate
CVE-2024-9675
was published
for
github.com/containers/buildah
(Go)
Oct 9, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
czim/file-handling vulnerable to SSRF and directory traversal
Moderate
CVE-2024-47049
was published
for
czim/file-handling
(Composer)
Sep 17, 2024
Contao affected by directory traversal in the file selector widget
Moderate
CVE-2024-45604
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Composio Path Traversal vulnerability
Moderate
CVE-2024-8865
was published
for
composio-core
(pip)
Sep 16, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45188
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45189
was published
for
mage-ai
(pip)
Aug 23, 2024
Magento Open Source Path Traversal vulnerability
Moderate
CVE-2024-39406
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Path traveral in Streamlit on windows
Moderate
CVE-2024-42474
was published
for
streamlit
(pip)
Aug 12, 2024
CometVisu Backend for openHAB has a path traversal vulnerability
Moderate
CVE-2024-42468
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
ICEcoder Path Traversal vulnerability
Moderate
CVE-2024-41373
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ProTip!
Advisories are also available from the
GraphQL API