GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
107 advisories
Filter by severity
Files on the host computer can be accessed from the Gradio interface
Critical
CVE-2021-43831
was published
for
gradio
(pip)
Jan 21, 2022
Arbitrary file reading vulnerability in Aim
Critical
CVE-2021-43775
was published
for
aim
(pip)
Nov 23, 2021
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
PEAR::Archive_Tar Directory Traversal vulnerability
Critical
CVE-2006-0931
was published
for
pear/archive_tar
(Composer)
May 1, 2022
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
Apache Linkis Zip Slip issue
Critical
CVE-2023-27603
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-14695
was published
for
salt
(pip)
May 17, 2022
Apache StreamPark Path Traversal vulnerability
Critical
CVE-2022-45802
was published
for
org.apache.streampark:streampark-common_2.11
(Maven)
Jul 6, 2023
py7zr directory traversal vulnerability
Critical
CVE-2022-44900
was published
for
py7zr
(pip)
Dec 6, 2022
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
Path Traversal in Apache Shiro
Critical
CVE-2023-34478
was published
for
org.apache.shiro:shiro-web
(Maven)
Jul 24, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
Ganga allows absolute path traversal
Critical
CVE-2022-31507
was published
for
ganga
(pip)
Jul 13, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
Diffoscope may write to arbitrary locations due to an untrusted archive
Critical
CVE-2017-0359
was published
for
diffoscope
(pip)
Jul 13, 2018
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
CLSA Directory Traversal vulnerability
Critical
CVE-2024-28698
was published
for
Csla
(NuGet)
Jul 22, 2024
CometVisu Backend for openHAB affected by RCE through path traversal
Critical
CVE-2024-42469
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
ProTip!
Advisories are also available from the
GraphQL API