Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Aim path traversal in LockManager.release_locks Critical
CVE-2024-8769 was published for aim (pip) Mar 20, 2025
AgentScope path traversal vulnerability Critical
CVE-2024-8537 was published for agentscope (pip) Mar 20, 2025
An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer,... Critical Unreviewed
CVE-2024-7957 was published Mar 20, 2025
Path Traversal: '\..\filename' in aimhubio/aim Critical Unreviewed
CVE-2024-6396 was published Jul 12, 2024
Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -. Critical Unreviewed
CVE-2024-5926 was published Jun 30, 2024
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ... Critical Unreviewed
CVE-2024-5211 was published Jun 12, 2024
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the... Critical Unreviewed
CVE-2024-4320 was published Jun 6, 2024
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code... Critical Unreviewed
CVE-2024-2360 was published Jun 6, 2024
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui... Critical Unreviewed
CVE-2024-2624 was published Jun 6, 2024
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows... Critical Unreviewed
CVE-2024-2358 was published May 16, 2024
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to... Critical Unreviewed
CVE-2024-2361 was published May 16, 2024
mlflow vulnerable to Path Traversal Critical
CVE-2024-3573 was published for mlflow (pip) Apr 16, 2024
Directory traversal in zenml Critical
CVE-2024-2083 was published for zenml (pip) Apr 16, 2024
MLFlow Path Traversal Vulnerability Critical
CVE-2023-6975 was published for mlflow (pip) Dec 20, 2023
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
Ray Path Traversal vulnerability Critical
CVE-2023-6021 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
mlflow Path Traversal vulnerability Critical
CVE-2023-2780 was published for mlflow (pip) May 17, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs Critical
CVE-2023-1177 was published for mlflow (pip) Mar 24, 2023
Exposure of Resource to Wrong Sphere in Zip-Local Critical
CVE-2021-23484 was published for zip-local (npm) Feb 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database