GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
154 advisories
Filter by severity
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Moderate
CVE-2022-23531
was published
for
guarddog
(pip)
Dec 2, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Moderate
CVE-2022-23530
was published
for
guarddog
(pip)
Dec 5, 2022
Files on the host computer can be accessed from the Gradio interface
High
CVE-2021-43831
was published
for
gradio
(pip)
Jan 21, 2022
Ganga allows absolute path traversal
Critical
CVE-2022-31507
was published
for
ganga
(pip)
Jul 13, 2022
GitPython blind local file inclusion
Moderate
CVE-2023-41040
was published
for
GitPython
(pip)
Aug 30, 2023
Flask-Cors Directory Traversal vulnerability
High
CVE-2020-25032
was published
for
Flask-Cors
(pip)
May 6, 2021
Django Directory Traversal via archive.extract
Moderate
CVE-2021-3281
was published
for
django
(pip)
Mar 18, 2021
Mesop has a local file Inclusion via static file serving functionality
High
CVE-2024-45601
was published
for
mesop
(pip)
Sep 18, 2024
Django Directory Traversal via ssi template tag
High
CVE-2013-4315
was published
for
django
(pip)
May 17, 2022
Composio Path Traversal vulnerability
Moderate
CVE-2024-8865
was published
for
composio-core
(pip)
Sep 16, 2024
Django Admin Media Handler Vulnerable to Directory Traversal
High
CVE-2009-2659
was published
for
Django
(pip)
May 2, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
Diffoscope may write to arbitrary locations due to an untrusted archive
Critical
CVE-2017-0359
was published
for
diffoscope
(pip)
Jul 13, 2018
copyparty vulnerable to path traversal attack
High
CVE-2023-37474
was published
for
copyparty
(pip)
Jul 14, 2023
CherryPy Malicious cookies allow access to files outside the session directory
High
CVE-2008-0252
was published
for
cherrypy
(pip)
May 1, 2022
CherryPy Directory traversal vulnerability
High
CVE-2006-0847
was published
for
cherrypy
(pip)
May 1, 2022
Cherry Music directory traversal vulnerability
Moderate
CVE-2015-8309
was published
for
CherryMusic
(pip)
May 17, 2022
Apache Airflow Path Traversal vulnerability
Moderate
CVE-2023-22887
was published
for
apache-airflow
(pip)
Jul 12, 2023
ProTip!
Advisories are also available from the
GraphQL API