GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Path Traversal in MHolt Archiver
Moderate
CVE-2019-10743
was published
for
github.com/mholt/archiver
(Go)
May 18, 2021
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Exposure of Resource to Wrong Sphere in Zip-Local
Critical
CVE-2021-23484
was published
for
zip-local
(npm)
Feb 1, 2022
Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
Moderate
CVE-2022-25842
was published
for
com.alibaba.oneagent:one-java-agent-plugin
(Maven)
May 3, 2022
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path...
High
Unreviewed
CVE-2022-2788
was published
Aug 20, 2022
Froxlor is vulnerable to path traversal
Moderate
CVE-2023-0316
was published
for
froxlor/froxlor
(Composer)
Jan 16, 2023
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
High
Unreviewed
CVE-2023-1034
was published
Feb 25, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
mlflow Path Traversal vulnerability
Critical
CVE-2023-2780
was published
for
mlflow
(pip)
May 17, 2023
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
Moderate
CVE-2023-2984
was published
for
pimcore/pimcore
(Composer)
Jun 6, 2023
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by...
High
Unreviewed
CVE-2023-0104
was published
Jul 6, 2023
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12...
High
Unreviewed
CVE-2023-6130
was published
Nov 14, 2023
H2O local file inclusion vulnerability
Critical
CVE-2023-6038
was published
for
ai.h2o:h2o-core
(Maven)
Nov 16, 2023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in...
High
Unreviewed
CVE-2023-6023
was published
Nov 16, 2023
MLflow Local File Disclosure Vulnerability
High
CVE-2023-6977
was published
for
mlflow
(pip)
Dec 20, 2023
MLFlow Path Traversal Vulnerability
Critical
CVE-2023-6975
was published
for
mlflow
(pip)
Dec 20, 2023
mlflow vulnerable to Path Traversal
Critical
CVE-2024-3573
was published
for
mlflow
(pip)
Apr 16, 2024
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path...
High
Unreviewed
CVE-2024-34470
was published
May 6, 2024
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows...
Critical
Unreviewed
CVE-2024-2358
was published
May 16, 2024
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to...
Critical
Unreviewed
CVE-2024-2361
was published
May 16, 2024
ProTip!
Advisories are also available from the
GraphQL API