Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

358 advisories

Loading
Buildah allows arbitrary directory mount Moderate
CVE-2024-9675 was published for github.com/containers/buildah (Go) Oct 9, 2024
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
Jenkins HTML Publisher Plugin Path traversal vulnerability Moderate
CVE-2024-28151 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Mar 6, 2024
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Starlette has Path Traversal vulnerability in StaticFiles Moderate
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
S3Scanner allows Directory Traversal Moderate
CVE-2021-32061 was published for s3scanner (pip) Nov 30, 2021
Werkzeug safe_join not safe on Windows Moderate
CVE-2024-49766 was published for Werkzeug (pip) Oct 25, 2024
nvn1729
SaltStack Salt Directory Traversal vulnerability in salt-api Moderate
CVE-2018-15750 was published for salt (pip) May 13, 2022
Absolute path traversal vulnerability in digdag server Moderate
CVE-2024-25125 was published for io.digdag:digdag-server (Maven) Feb 14, 2024
p-
Directory Traversal in pyftpdlib Moderate
CVE-2007-6736 was published for pyftpdlib (pip) May 1, 2022
pretalx allows path traversal in HTML export Moderate
CVE-2023-28458 was published for pretalx (pip) Apr 20, 2023
Plone vulnerable to filesystem information leak Moderate
CVE-2016-7135 was published for Plone (pip) May 14, 2022
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
Directory traversal in pyftpdlib Moderate
CVE-2008-7262 was published for pyftpdlib (pip) May 17, 2022
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc cmaglie
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra ahpaleus
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
open-webui allows writing and deleting arbitrary files Moderate
CVE-2024-7037 was published for open-webui (pip) Oct 9, 2024
ProTip! Advisories are also available from the GraphQL API