Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
clearml is vulnerable to Path Traversal through its `safe_extract` function Moderate
CVE-2025-8917 was published for clearml (pip) Oct 5, 2025
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class Moderate
CVE-2025-8406 was published for zenml (pip) Oct 5, 2025
ml-logger has path traversal in the file argument Moderate
CVE-2025-10951 was published for ml-logger (pip) Sep 25, 2025
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction Moderate
CVE-2025-58162 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Credited to noname1337h1
Copier's safe template has filesystem write access outside destination path Moderate
CVE-2025-55214 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Credited to sisp, pawamoy, and yajo
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22) Moderate
CVE-2025-55149 was published for tiny-scientist (pip) Aug 11, 2025
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
Dagster vulnerable to Path Traversal attack through its /logs endpoint Moderate
CVE-2023-51232 was published for dagster (pip) Jul 7, 2025
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit Moderate
CVE-2025-6210 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint Moderate
CVE-2024-7034 was published for open-webui (pip) Mar 20, 2025
Gradio Path Traversal vulnerability Moderate
CVE-2024-12217 was published for gradio (pip) Mar 20, 2025
pgAdmin 4 vulnerable to directory traversal Moderate
CVE-2023-0241 was published for pgadmin4 (pip) Mar 27, 2023
xml2rfc has file inclusion irregularities Moderate
GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025
Werkzeug safe_join not safe on Windows Moderate
CVE-2024-49766 was published for Werkzeug (pip) Oct 25, 2024
nvn1729
Credited to nvn1729
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra ahpaleus
Credited to Vasco-jofra and ahpaleus
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
keras Path Traversal vulnerability Moderate
CVE-2024-55459 was published for keras (pip) Jan 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database