GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
Flask-Cors Directory Traversal vulnerability
High
CVE-2020-25032
was published
for
Flask-Cors
(pip)
May 6, 2021
Remote Code Execution via traversal in TAL expressions
High
GHSA-rpcg-f9q6-2mq6
was published
for
Zope
(pip)
Jun 8, 2021
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
High
CVE-2021-41127
was published
for
rasa
(pip)
Oct 22, 2021
Path traversal in Matrix Synapse
High
CVE-2021-41281
was published
for
matrix-synapse
(pip)
Nov 23, 2021
Arbitrary file reading vulnerability in Aim
High
CVE-2021-43775
was published
for
aim
(pip)
Nov 23, 2021
Files on the host computer can be accessed from the Gradio interface
High
CVE-2021-43831
was published
for
gradio
(pip)
Jan 21, 2022
CherryPy Directory traversal vulnerability
High
CVE-2006-0847
was published
for
cherrypy
(pip)
May 1, 2022
CherryPy Malicious cookies allow access to files outside the session directory
High
CVE-2008-0252
was published
for
cherrypy
(pip)
May 1, 2022
Django Admin Media Handler Vulnerable to Directory Traversal
High
CVE-2009-2659
was published
for
Django
(pip)
May 2, 2022
uWSGI Directory Traversal vulnerability
High
CVE-2018-7490
was published
for
uWSGI
(pip)
May 14, 2022
Sanic arbitrary file read and directory traversal
High
CVE-2017-16762
was published
for
sanic
(pip)
May 17, 2022
Django Directory Traversal via ssi template tag
High
CVE-2013-4315
was published
for
django
(pip)
May 17, 2022
Tryton Directory Traversal vulnerability
High
CVE-2013-4510
was published
for
trytond
(pip)
May 17, 2022
Pallets Werkzeug vulnerable to Path Traversal
High
CVE-2019-14322
was published
for
werkzeug
(pip)
May 24, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
High
CVE-2022-35920
was published
for
sanic
(pip)
Aug 6, 2022
rdiffweb Path Traversal vulnerability
High
CVE-2022-3389
was published
for
rdiffweb
(pip)
Oct 6, 2022
ProTip!
Advisories are also available from the
GraphQL API