Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

64 advisories

Loading
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Werkzeug safe_join not safe on Windows Moderate
CVE-2024-49766 was published for Werkzeug (pip) Oct 25, 2024
nvn1729
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra ahpaleus
open-webui allows writing and deleting arbitrary files Moderate
CVE-2024-7037 was published for open-webui (pip) Oct 9, 2024
Composio Path Traversal vulnerability Moderate
CVE-2024-8865 was published for composio-core (pip) Sep 16, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45189 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45188 was published for mage-ai (pip) Aug 23, 2024
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
Directory creation by malicious user in saltstack Moderate
CVE-2024-22231 was published for salt (pip) Jun 27, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate
CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024
Discookie vodorok
whisperity Szelethus bruntib
langchain vulnerable to path traversal Moderate
CVE-2024-3571 was published for langchain (pip) Apr 16, 2024
Whoogle Search Path Traversal vulnerability Moderate
CVE-2024-22204 was published for whoogle-search (pip) Mar 14, 2024
Ansible symlink attack vulnerability Moderate
CVE-2023-5115 was published for ansible (pip) Dec 28, 2023
TorchServe ZipSlip Moderate
CVE-2023-48299 was published for torchserve (pip) Nov 21, 2023
Ansible galaxy-importer Path Traversal vulnerability Moderate
CVE-2023-5189 was published for galaxy-importer (pip) Nov 15, 2023
Wagtail CRX CodeRed Extensions vulnerable to Path Traversal Moderate
CVE-2021-46897 was published for coderedcms (pip) Oct 22, 2023
GitPython blind local file inclusion Moderate
CVE-2023-41040 was published for GitPython (pip) Aug 30, 2023
stsewd m3t3kh4n
EliahKagan
Pyramid static view path traversal up one directory Moderate
CVE-2023-40587 was published for pyramid (pip) Aug 25, 2023
Starlette has Path Traversal vulnerability in StaticFiles Moderate
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
pretalx allows path traversal in HTML export Moderate
CVE-2023-28458 was published for pretalx (pip) Apr 20, 2023
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location Moderate
CVE-2022-23522 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
ProTip! Advisories are also available from the GraphQL API