Exploit Database

145,294 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-31548 WRITEUP CRITICAL
nrlakin/homepage <2017-03-06 - Path Traversal
The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31547 WRITEUP CRITICAL
noamezekiel/sphere <2020-05-31 - Path Traversal
The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31546 WRITEUP CRITICAL
nlpweb/glance <2014-06-27 - Path Traversal
The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31545 WRITEUP CRITICAL
ml-inory/ModelConverter <2021-04-26 - Path Traversal
The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31544 WRITEUP CRITICAL
meerstein/rbtm <1.5 - Path Traversal
The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31543 WRITEUP CRITICAL
maxtortime/SetupBox <1.0 - Path Traversal
The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31542 WRITEUP CRITICAL
Mandoku/mdweb <2015-05-07 - Path Traversal
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31541 WRITEUP CRITICAL
lyubolp/Barry-Voice-Assistant <2021-01-18 - Path Traversal
The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31540 WRITEUP CRITICAL
kumardeepak/hin-eng-preprocessing <2019-07-16 - Path Traversal
The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31539 WRITEUP CRITICAL
kotekan/kotekan <2021.11 - Path Traversal
The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31538 WRITEUP CRITICAL
joaopedro-fg/mp-m08-interface <2020-12-10 - Path Traversal
The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31537 WRITEUP CRITICAL
jmcginty15/Solar-system-simulator <2021-07-26 - Path Traversal
The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31536 WRITEUP CRITICAL
jaygarza1982/ytdl-sync <2021-01-02 - Path Traversal
The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31535 WRITEUP CRITICAL
freefood89/Fishtank <2015-06-24 - Path Traversal
The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31534 WRITEUP CRITICAL
echoleegroup/PythonWeb <2018-10-31 - Path Traversal
The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31533 WRITEUP CRITICAL
decentraminds/umbral <2020-01-15 - Path Traversal
The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31532 WRITEUP CRITICAL
dankolbman/travel_blahg <2016-01-16 - Path Traversal
The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31531 WRITEUP CRITICAL
dainst/cilantro <0.0.4 - Path Traversal
The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31530 WRITEUP CRITICAL
csm_server < 3.5 - Path Traversal via Flask send_file
The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31529 WRITEUP CRITICAL
cinemaproject/monorepo <2021-03-03 - Path Traversal
The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31528 WRITEUP CRITICAL
Bonn-Activity-Maps bam-annotation-tool - Path Traversal
The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31527 WRITEUP CRITICAL
Wildog/flask-file-server <2020-02-20 - Path Traversal
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31526 WRITEUP CRITICAL
ThundeRatz/ThunderDocs <2020-05-01 - Path Traversal
The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31525 WRITEUP CRITICAL
SummaLabs/DLS <0.1.0 - Path Traversal
The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31524 WRITEUP CRITICAL
PureStorage-OpenConnect/swagger <1.1.5 - Path Traversal
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3