GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path...
High
Unreviewed
CVE-2024-34470
was published
May 6, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server
High
CVE-2024-6139
was published
for
lollms
(pip)
Jun 27, 2024
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in...
High
Unreviewed
CVE-2024-2914
was published
Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ...
High
Unreviewed
CVE-2024-2178
was published
Jun 2, 2024
MLflow has a Local File Read/Path Traversal bypass
High
CVE-2024-3848
was published
for
mlflow
(pip)
May 16, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically...
High
Unreviewed
CVE-2024-4322
was published
May 16, 2024
A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms...
High
Unreviewed
CVE-2024-3435
was published
May 16, 2024
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by...
High
Unreviewed
CVE-2023-0104
was published
Jul 6, 2023
MLflow Local File Disclosure Vulnerability
High
CVE-2023-6977
was published
for
mlflow
(pip)
Dec 20, 2023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in...
High
Unreviewed
CVE-2023-6023
was published
Nov 16, 2023
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12...
High
Unreviewed
CVE-2023-6130
was published
Nov 14, 2023
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path...
High
Unreviewed
CVE-2022-2788
was published
Aug 20, 2022
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
High
Unreviewed
CVE-2023-1034
was published
Feb 25, 2023
ProTip!
Advisories are also available from the
GraphQL API