Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Remote Code Execution via traversal in TAL expressions High
GHSA-rpcg-f9q6-2mq6 was published for Zope (pip) Jun 8, 2021
Files on the host computer can be accessed from the Gradio interface High
CVE-2021-43831 was published for gradio (pip) Jan 21, 2022
haby0
Path Traversal in pip High
CVE-2019-20916 was published for pip (pip) Jun 9, 2021
UBI Reader vulnerable to Path Traversal High
CVE-2022-4572 was published for ubi-reader (pip) Dec 17, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs High
CVE-2022-35920 was published for sanic (pip) Aug 6, 2022
rdiffweb Path Traversal vulnerability High
CVE-2022-3389 was published for rdiffweb (pip) Oct 6, 2022
Path Traversal in Zope High
CVE-2021-32633 was published for Zope (pip) Jun 15, 2021
Path Traversal in Zope High
CVE-2021-32674 was published for Zope (pip) Jun 10, 2021
Client metadata path-traversal High
CVE-2021-41131 was published for tuf (pip) Oct 19, 2021
jku
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write High
CVE-2021-41127 was published for rasa (pip) Oct 22, 2021
Path traversal in Matrix Synapse High
CVE-2021-41281 was published for matrix-synapse (pip) Nov 23, 2021
Pallets Werkzeug vulnerable to Path Traversal High
CVE-2019-14322 was published for werkzeug (pip) May 24, 2022
Directory Traversal in onnx High
CVE-2022-25882 was published for onnx (pip) Jan 26, 2023
NLTK Vulnerable To Path Traversal High
CVE-2019-14751 was published for nltk (pip) Aug 23, 2019
Flask-Cors Directory Traversal vulnerability High
CVE-2020-25032 was published for Flask-Cors (pip) May 6, 2021
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location High
CVE-2022-23522 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Path traversal in binwalk High
CVE-2022-4510 was published for binwalk (pip) Jan 26, 2023
qkaiser
Duplicate Advisory: Starlette vulnerable to directory traversal High
GHSA-qj8w-rv5x-2v9h was published for starlette (pip) Jun 1, 2023 withdrawn
ethyca-fides Webserver API Path Traversal vulnerability High
CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023
daveqnet
sviehb/jefferson vulnerable to path traversal High
CVE-2022-4885 was published for jefferson (pip) Jan 11, 2023
mindsdb arbitrary file write when extracting a remotely retrieved Tarball High
CVE-2023-30620 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Any file can be included with the pymdown-snippets extension High
CVE-2023-32309 was published for pymdown-extensions (pip) May 15, 2023
itlabbet tvalenta
mflow vulnerable to directory traversal High
CVE-2023-30172 was published for mlflow (pip) May 11, 2023
Path traversal in MLflow High
CVE-2023-6753 was published for mlflow (pip) Dec 13, 2023
Download to arbitrary folder can lead to RCE High
CVE-2023-47890 was published for pyload-ng (pip) Nov 21, 2023
vergl4s
ProTip! Advisories are also available from the GraphQL API