Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,660 advisories

Loading
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and... Moderate Unreviewed
CVE-2024-20529 was published Nov 6, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and... Moderate Unreviewed
CVE-2024-20532 was published Nov 6, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and... Moderate Unreviewed
CVE-2024-20527 was published Nov 6, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful... Moderate Unreviewed
CVE-2024-47464 was published Nov 6, 2024
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Werkzeug safe_join not safe on Windows Moderate
CVE-2024-49766 was published for Werkzeug (pip) Oct 25, 2024
nvn1729
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this... Moderate Unreviewed
CVE-2024-10379 was published Oct 25, 2024
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path... Moderate Unreviewed
CVE-2024-45842 was published Oct 25, 2024
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php. Moderate Unreviewed
CVE-2024-48213 was published Oct 24, 2024
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... Moderate Unreviewed
CVE-2024-20379 was published Oct 23, 2024
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the... Moderate Unreviewed
CVE-2024-9676 was published Oct 15, 2024
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path... Moderate Unreviewed
CVE-2024-0129 was published Oct 15, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc cmaglie
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file... Moderate Unreviewed
CVE-2024-7514 was published Oct 11, 2024
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra ahpaleus
open-webui allows writing and deleting arbitrary files Moderate
CVE-2024-7037 was published for open-webui (pip) Oct 9, 2024
Buildah allows arbitrary directory mount Moderate
CVE-2024-9675 was published for github.com/containers/buildah (Go) Oct 9, 2024
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary... Moderate Unreviewed
CVE-2024-47949 was published Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database