GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
222 advisories
mlflow vulnerable to directory traversal
Severity: High. CVE-2023-30172 was published for mlflow (pip) on May 11, 2023.
pretalx allows path traversal in HTML export
Severity: Moderate. CVE-2023-28458 was published for pretalx (pip) on Apr 20, 2023.
pretalx vulnerable to path traversal in HTML export
Severity: High. CVE-2023-28459 was published for pretalx (pip) on Apr 20, 2023.
mindsdb arbitrary file write when extracting a remotely retrieved Tarball
Severity: High. CVE-2023-30620 was published for mindsdb (pip) on Mar 30, 2023.
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Severity: Moderate. CVE-2022-23522 was published for mindsdb (pip) on Mar 30, 2023.
pgAdmin 4 vulnerable to directory traversal
Severity: Moderate. CVE-2023-0241 was published for pgadmin4 (pip) on Mar 27, 2023.
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Severity: Critical. CVE-2023-1177 was published for mlflow (pip) on Mar 24, 2023.
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Severity: Moderate. CVE-2022-3146 was published for tripleo-ansible (pip) on Mar 23, 2023.
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Severity: Moderate. CVE-2022-3101 was published for tripleo-ansible (pip) on Mar 23, 2023.
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
Severity: Moderate. CVE-2022-47951 was published for cinder (pip) on Jan 27, 2023.
sviehb/jefferson vulnerable to path traversal
Severity: High. CVE-2022-4885 was published for jefferson (pip) on Jan 11, 2023.
UBI Reader vulnerable to Path Traversal
Severity: Moderate. CVE-2022-4572 was published for ubi-reader (pip) on Dec 17, 2022.
py7zr directory traversal vulnerability
Severity: Critical. CVE-2022-44900 was published for py7zr (pip) on Dec 6, 2022.
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Severity: Low. CVE-2022-23530 was published for guarddog (pip) on Dec 5, 2022.
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Severity: Low. CVE-2022-23531 was published for guarddog (pip) on Dec 2, 2022.
rdiffweb Path Traversal vulnerability
Severity: High. CVE-2022-3389 was published for rdiffweb (pip) on Oct 6, 2022.
Streamlit directory traversal vulnerability
Severity: Moderate. CVE-2022-35918 was published for streamlit (pip) on Aug 6, 2022.
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Severity: High. CVE-2022-35920 was published for sanic (pip) on Aug 6, 2022.
Ganga allows absolute path traversal
Severity: Critical. CVE-2022-31507 was published for ganga (pip) on Jul 13, 2022.
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process.
Severity: High. CVE-2022-35410 was published for mat2 (pip) on Jul 12, 2022.
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Severity: Critical. CVE-2022-31573 was published for chainerrl-visualizer (pip) on Jul 12, 2022.