Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,030
Erlang
29
GitHub Actions
17
Go
1,837
Maven
5,000+
npm
3,575
NuGet
634
pip
3,161
Pub
10
RubyGems
849
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

148 advisories

Loading
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Local File Inclusion in Solara High
CVE-2024-39903 was published for solara (pip) Jul 12, 2024
sunriseXu
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change High
CVE-2024-6085 was published for lollms (pip) Jun 27, 2024
Directory creation by malicious user in saltstack Moderate
CVE-2024-22231 was published for salt (pip) Jun 27, 2024
Path traversal in saltstack High
CVE-2024-22232 was published for salt (pip) Jun 27, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate
CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024
Discookie vodorok
whisperity Szelethus bruntib
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Local file inclusion in gradio High
CVE-2024-4941 was published for gradio (pip) Jun 6, 2024
Litestar and Starlite vulnerable to Path Traversal High
CVE-2024-32982 was published for litestar (pip) May 6, 2024
brian-edgar-re JacobCoffee
langchain vulnerable to path traversal Moderate
CVE-2024-3571 was published for langchain (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1594 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1560 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1593 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1558 was published for mlflow (pip) Apr 16, 2024
mberges21
mlflow Path Traversal vulnerability High
CVE-2024-1483 was published for mlflow (pip) Apr 16, 2024
mberges21
NiceGUI allows potential access to local file system High
CVE-2024-32005 was published for nicegui (pip) Apr 12, 2024
sunriseXu
Gradio Local File Inclusion vulnerability High
CVE-2024-1728 was published for gradio (pip) Apr 10, 2024
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
Whoogle Search Path Traversal vulnerability Moderate
CVE-2024-22204 was published for whoogle-search (pip) Mar 14, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
ProTip! Advisories are also available from the GraphQL API