GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Froxlor is vulnerable to path traversal
Moderate
CVE-2023-0316
was published
for
froxlor/froxlor
(Composer)
Jan 16, 2023
Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
Moderate
CVE-2022-25842
was published
for
com.alibaba.oneagent:one-java-agent-plugin
(Maven)
May 3, 2022
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
Moderate
CVE-2023-2984
was published
for
pimcore/pimcore
(Composer)
Jun 6, 2023
Exposure of Resource to Wrong Sphere in Zip-Local
Critical
CVE-2021-23484
was published
for
zip-local
(npm)
Feb 1, 2022
MLflow Local File Disclosure Vulnerability
High
CVE-2023-6977
was published
for
mlflow
(pip)
Dec 20, 2023
MLFlow Path Traversal Vulnerability
Critical
CVE-2023-6975
was published
for
mlflow
(pip)
Dec 20, 2023
Path Traversal in MHolt Archiver
Moderate
CVE-2019-10743
was published
for
github.com/mholt/archiver
(Go)
May 18, 2021
H2O local file inclusion vulnerability
Critical
CVE-2023-6038
was published
for
ai.h2o:h2o-core
(Maven)
Nov 16, 2023
Remote Code Execution via path traversal bypass in lollms
Critical
CVE-2024-5443
was published
for
lollms
(pip)
Jun 22, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server
High
CVE-2024-6139
was published
for
lollms
(pip)
Jun 27, 2024
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
mlflow Path Traversal vulnerability
Critical
CVE-2023-2780
was published
for
mlflow
(pip)
May 17, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2024-21542
was published
for
luigi
(pip)
Dec 10, 2024
Gradio Vulnerable to Arbitrary File Deletion
High
CVE-2024-10648
was published
for
gradio
(pip)
Mar 20, 2025
AgentScope path traversal vulnerability
Critical
CVE-2024-8537
was published
for
agentscope
(pip)
Mar 20, 2025
Aim path traversal in LockManager.release_locks
Critical
CVE-2024-8769
was published
for
aim
(pip)
Mar 20, 2025
MLflow has a Local File Read/Path Traversal in dbfs
High
CVE-2024-8859
was published
for
mlflow
(pip)
Mar 20, 2025
ProTip!
Advisories are also available from the
GraphQL API