Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

357 advisories

Loading
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Werkzeug safe_join not safe on Windows Moderate
CVE-2024-49766 was published for Werkzeug (pip) Oct 25, 2024
nvn1729
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc cmaglie
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra ahpaleus
open-webui allows writing and deleting arbitrary files Moderate
CVE-2024-7037 was published for open-webui (pip) Oct 9, 2024
Buildah allows arbitrary directory mount Moderate
CVE-2024-9675 was published for github.com/containers/buildah (Go) Oct 9, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Composio Path Traversal vulnerability Moderate
CVE-2024-8865 was published for composio-core (pip) Sep 16, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45189 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45188 was published for mage-ai (pip) Aug 23, 2024
Magento Open Source Path Traversal vulnerability Moderate
CVE-2024-39406 was published for magento/community-edition (Composer) Aug 14, 2024
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
CometVisu Backend for openHAB has a path traversal vulnerability Moderate
CVE-2024-42468 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability Moderate
CVE-2024-39918 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
ProTip! Advisories are also available from the GraphQL API