Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The... High Unreviewed
CVE-2024-6394 was published Sep 30, 2024
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in... High Unreviewed
CVE-2024-2914 was published Jun 6, 2024
LoLLMS Path Traversal vulnerability High
CVE-2024-3429 was published for lollms (pip) Jun 6, 2024
MLflow Path Traversal Vulnerability High
CVE-2023-6909 was published for mlflow (pip) Dec 20, 2023
mlflow Path Traversal vulnerability Critical
CVE-2023-2780 was published for mlflow (pip) May 17, 2023
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
Path Traversal: '\..\filename' in aimhubio/aim Critical Unreviewed
CVE-2024-6396 was published Jul 12, 2024
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path... High Unreviewed
CVE-2024-34470 was published May 6, 2024
Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -. Critical Unreviewed
CVE-2024-5926 was published Jun 30, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server High
CVE-2024-6139 was published for lollms (pip) Jun 27, 2024
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ... Moderate Unreviewed
CVE-2024-4841 was published Jun 23, 2024
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ... Critical Unreviewed
CVE-2024-5211 was published Jun 12, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ... High Unreviewed
CVE-2024-2178 was published Jun 2, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically... High Unreviewed
CVE-2024-4322 was published May 16, 2024
A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms... High Unreviewed
CVE-2024-3435 was published May 16, 2024
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to... Critical Unreviewed
CVE-2024-2361 was published May 16, 2024
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows... Critical Unreviewed
CVE-2024-2358 was published May 16, 2024
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by... High Unreviewed
CVE-2023-0104 was published Jul 6, 2023
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
Path Traversal in MHolt Archiver Moderate
CVE-2019-10743 was published for github.com/mholt/archiver (Go) May 18, 2021
MLFlow Path Traversal Vulnerability Critical
CVE-2023-6975 was published for mlflow (pip) Dec 20, 2023
MLflow Local File Disclosure Vulnerability High
CVE-2023-6977 was published for mlflow (pip) Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database