Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

243 advisories

Loading
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra ahpaleus
Credited to Vasco-jofra and ahpaleus
open-webui allows writing and deleting arbitrary files Moderate
CVE-2024-7037 was published for open-webui (pip) Oct 9, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) High
CVE-2024-46977 was published for openc3 (RubyGems) Oct 2, 2024
p-
Credited to p-
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Credited to Letm3through
Composio Path Traversal vulnerability Moderate
CVE-2024-8865 was published for composio-core (pip) Sep 16, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45188 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45189 was published for mage-ai (pip) Aug 23, 2024
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes
Credited to bulutenes
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
Credited to nvn1729
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
LoLLMS vulnerable to Expected Behavior Violation High
CVE-2024-6281 was published for lollms (pip) Jul 20, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Local File Inclusion in Solara High
CVE-2024-39903 was published for solara (pip) Jul 12, 2024
sunriseXu
Credited to sunriseXu
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
Credited to awaelchli
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change High
CVE-2024-6085 was published for lollms (pip) Jun 27, 2024
Directory creation by malicious user in saltstack Moderate
CVE-2024-22231 was published for salt (pip) Jun 27, 2024
Path traversal in saltstack High
CVE-2024-22232 was published for salt (pip) Jun 27, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate
CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024
Discookie vodorok
whisperity Szelethus bruntib
Credited to Discookie, vodorok, whisperity, Szelethus, and bruntib
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
LoLLMS Path Traversal vulnerability High
CVE-2024-3429 was published for lollms (pip) Jun 6, 2024
onnx allows Arbitrary File Overwrite in download_model_with_test_data High
CVE-2024-5187 was published for onnx (pip) Jun 6, 2024
stevegrubb
Credited to stevegrubb
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database