Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to... High Unreviewed
CVE-2024-7962 was published Oct 29, 2024
Local File Inclusion in mlflow High
CVE-2024-2928 was published for mlflow (pip) Jun 6, 2024
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The... High Unreviewed
CVE-2024-6394 was published Sep 30, 2024
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in... High Unreviewed
CVE-2024-2914 was published Jun 6, 2024
LoLLMS Path Traversal vulnerability High
CVE-2024-3429 was published for lollms (pip) Jun 6, 2024
MLflow Path Traversal Vulnerability High
CVE-2023-6909 was published for mlflow (pip) Dec 20, 2023
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path... High Unreviewed
CVE-2024-34470 was published May 6, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server High
CVE-2024-6139 was published for lollms (pip) Jun 27, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ... High Unreviewed
CVE-2024-2178 was published Jun 2, 2024
MLflow has a Local File Read/Path Traversal bypass High
CVE-2024-3848 was published for mlflow (pip) May 16, 2024
A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms... High Unreviewed
CVE-2024-3435 was published May 16, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically... High Unreviewed
CVE-2024-4322 was published May 16, 2024
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by... High Unreviewed
CVE-2023-0104 was published Jul 6, 2023
MLflow Local File Disclosure Vulnerability High
CVE-2023-6977 was published for mlflow (pip) Dec 20, 2023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in... High Unreviewed
CVE-2023-6023 was published Nov 16, 2023
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12... High Unreviewed
CVE-2023-6130 was published Nov 14, 2023
Calipso Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2021-23391 was published for calipso (npm) Jun 8, 2021
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path... High Unreviewed
CVE-2022-2788 was published Aug 20, 2022
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. High Unreviewed
CVE-2023-1034 was published Feb 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database