Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
Directory traversal attack in Spring Cloud Config High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
TZInfo relative path traversal vulnerability allows loading of arbitrary files High
CVE-2022-31163 was published for tzinfo (RubyGems) Jul 21, 2022
kratob
Relative Path Traversal in git-delta High
CVE-2021-36376 was published for git-delta (Rust) Aug 25, 2021
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
chriscborg mtrezza
Upload of file to arbitrary path in Apache Flink High
CVE-2020-17518 was published for org.apache.flink:flink-runtime (Maven) Feb 9, 2022
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
NiceGUI allows potential access to local file system High
CVE-2024-32005 was published for nicegui (pip) Apr 12, 2024
sunriseXu
gix traversal outside working tree enables arbitrary code execution High
CVE-2024-35186 was published for gitoxide (Rust) May 22, 2024
EliahKagan Byron
registry-support: decompress can delete files outside scope via relative paths High
CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) Feb 14, 2024
cebarks
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes
Relative path traversal in mlflow High
CVE-2023-2356 was published for mlflow (pip) Apr 28, 2023
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write High
CVE-2021-41127 was published for rasa (pip) Oct 22, 2021
ProTip! Advisories are also available from the GraphQL API