GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
35 advisories
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ...
Critical, Unreviewed. CVE-2024-5211 was published Jun 12, 2024.

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the...
Critical, Unreviewed. CVE-2024-3429 was published Jun 6, 2024.

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui...
Critical, Unreviewed. CVE-2024-2624 was published Jun 6, 2024.

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical, Unreviewed. CVE-2024-4320 was published Jun 6, 2024.

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code...
Critical, Unreviewed. CVE-2024-2360 was published Jun 6, 2024.

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in...
High, Unreviewed. CVE-2024-2914 was published Jun 6, 2024.

A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ...
High, Unreviewed. CVE-2024-2178 was published Jun 2, 2024.

MLflow has a Local File Read/Path Traversal bypass
High. CVE-2024-3848 was published for mlflow (pip) May 16, 2024.

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically...
High, Unreviewed. CVE-2024-4322 was published May 16, 2024.

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms...
High, Unreviewed. CVE-2024-3435 was published May 16, 2024.

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to...
Critical, Unreviewed. CVE-2024-2361 was published May 16, 2024.

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows...
Critical, Unreviewed. CVE-2024-2358 was published May 16, 2024.

mlflow vulnerable to Path Traversal
Critical. CVE-2024-3573 was published for mlflow (pip) Apr 16, 2024.

H2O local file inclusion vulnerability
Critical. CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023.

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by...
High, Unreviewed. CVE-2023-0104 was published Jul 6, 2023.

Path Traversal in MHolt Archiver
Moderate. CVE-2019-10743 was published for github.com/mholt/archiver (Go) May 18, 2021.

MLFlow Path Traversal Vulnerability
Critical. CVE-2023-6975 was published for mlflow (pip) Dec 20, 2023.

MLflow Local File Disclosure Vulnerability
High. CVE-2023-6977 was published for mlflow (pip) Dec 20, 2023.

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in...
High, Unreviewed. CVE-2023-6023 was published Nov 16, 2023.

ProTip! Advisories are also available from the GraphQL API.