GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Remote Code Execution via traversal in TAL expressions
High
GHSA-rpcg-f9q6-2mq6
was published
for
Zope
(pip)
Jun 8, 2021
UBI Reader vulnerable to Path Traversal
High
CVE-2022-4572
was published
for
ubi-reader
(pip)
Dec 17, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
High
CVE-2022-35920
was published
for
sanic
(pip)
Aug 6, 2022
Pallets Werkzeug vulnerable to Path Traversal
High
CVE-2019-14322
was published
for
werkzeug
(pip)
May 24, 2022
Duplicate Advisory: Starlette vulnerable to directory traversal
High
GHSA-qj8w-rv5x-2v9h
was published
for
starlette
(pip)
Jun 1, 2023
•
withdrawn
ethyca-fides Webserver API Path Traversal vulnerability
High
CVE-2023-36827
was published
for
ethyca-fides
(pip)
Jul 6, 2023
sviehb/jefferson vulnerable to path traversal
High
CVE-2022-4885
was published
for
jefferson
(pip)
Jan 11, 2023
Any file can be included with the pymdown-snippets extension
High
CVE-2023-32309
was published
for
pymdown-extensions
(pip)
May 15, 2023
mflow vulnerable to directory traversal
High
CVE-2023-30172
was published
for
mlflow
(pip)
May 11, 2023
Download to arbitrary folder can lead to RCE
High
CVE-2023-47890
was published
for
pyload-ng
(pip)
Nov 21, 2023
Unsecured endpoints in the jupyter-lsp server extension
High
CVE-2024-22415
was published
for
jupyter-lsp
(pip)
Jan 18, 2024
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
High
CVE-2023-51449
was published
for
gradio
(pip)
Dec 21, 2023
Allegro AI ClearML path traversal vulnerability
High
CVE-2024-24591
was published
for
clearml
(pip)
Feb 6, 2024
ESPHome vulnerable to remote code execution via arbitrary file write
High
CVE-2024-27081
was published
for
esphome
(pip)
Mar 1, 2024
Gradio Local File Inclusion vulnerability
High
CVE-2024-1728
was published
for
gradio
(pip)
Apr 10, 2024
NiceGUI allows potential access to local file system
High
CVE-2024-32005
was published
for
nicegui
(pip)
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API