GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
parisneo/lollms Local File Inclusion (LFI) attack
Critical
CVE-2024-4315
was published
for
lollms
(pip)
Jun 12, 2024
Lektor does not sanitize database path traversal
Critical
CVE-2024-28335
was published
for
Lektor
(pip)
Mar 27, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
PaddlePaddle Path Traversal vulnerability
Critical
CVE-2024-0818
was published
for
paddlepaddle
(pip)
Mar 7, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Critical
CVE-2023-50731
was published
for
mindsdb
(pip)
Dec 15, 2023
MLflow allowed arbitrary files to be PUT onto the server
Critical
CVE-2023-6015
was published
for
mlflow
(pip)
Nov 16, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
py7zr directory traversal vulnerability
Critical
CVE-2022-44900
was published
for
py7zr
(pip)
Dec 6, 2022
Ganga allows absolute path traversal
Critical
CVE-2022-31507
was published
for
ganga
(pip)
Jul 13, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31558
was published
for
shiva
(pip)
Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical
CVE-2022-31573
was published
for
chainerrl-visualizer
(pip)
Jul 12, 2022
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31506
was published
for
opendiamond
(pip)
Jul 12, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
Critical
CVE-2016-1505
was published
for
Radicale
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-14695
was published
for
salt
(pip)
May 17, 2022
The Fuck Arbitrary File Deletion via Path Traversal
Critical
CVE-2021-34363
was published
for
thefuck
(pip)
Jun 15, 2021
Diffoscope may write to arbitrary locations due to an untrusted archive
Critical
CVE-2017-0359
was published
for
diffoscope
(pip)
Jul 13, 2018
ProTip!
Advisories are also available from the
GraphQL API