Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,037 advisories

Loading
changedetection.io path traversal using file URI scheme without supplying hostname High
CVE-2024-51998 was published for changedetection.io (pip) Nov 7, 2024
Erb3
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
Jenkins Report Info Plugin Path Traversal vulnerability Low
CVE-2024-5273 was published for org.jenkins-ci.plugins:report-info (Maven) May 24, 2024
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
jj vulnerable to path traversal via crafted Git repositories Critical
CVE-2024-51990 was published for jj-lib (Rust) Nov 7, 2024
joernchen yuja
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
Buildah allows arbitrary directory mount Moderate
CVE-2024-9675 was published for github.com/containers/buildah (Go) Oct 9, 2024
OpenRefine has a path traversal in LoadLanguageCommand High
CVE-2024-49760 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
cap-std doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51756 was published for cap-async-std (Rust) Nov 5, 2024
nathaniel-daniel
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webflux (Maven) Sep 13, 2024
Malayke AlexeyTsvetkov
Duplicate Advisory: Reposilite Arbitrary File Read vulnerability High
CVE-2024-36117 was published for com.reposilite:reposilite-backend (Maven) Aug 5, 2024 withdrawn
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`) High
GHSA-82j3-hf72-7x93 was published for com.reposilite:reposilite-backend (Maven) Nov 4, 2024
artsploit
Hashicorp Consul Path Traversal vulnerability High
CVE-2024-10005 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Adguard Home arbitrary file read vulnerability High
CVE-2024-36814 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 8, 2024
itz-d0dgy
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
Path traversal in oak allows transfer of hidden files within the served root directory High
CVE-2024-49770 was published for @oakserver/oak (npm) Nov 1, 2024
NeKzor
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
SQL injection in funadmin High
CVE-2024-48224 was published for funadmin/funadmin (Composer) Oct 25, 2024
Jenkins HTML Publisher Plugin Path traversal vulnerability Moderate
CVE-2024-28151 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Mar 6, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) High
CVE-2024-46977 was published for openc3 (RubyGems) Oct 2, 2024
p-
PEAR::Archive_Tar Directory Traversal vulnerability Critical
CVE-2006-0931 was published for pear/archive_tar (Composer) May 1, 2022
Rudloff
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Starlette has Path Traversal vulnerability in StaticFiles Moderate
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
ProTip! Advisories are also available from the GraphQL API