Exploit Database
145,294 exploits tracked across all sources.
PaddlePaddle/Anakin <0.1.1 - Path Traversal
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
NotVinay/karaokey <2019-12-11 - Path Traversal
The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Niyaz-Mohamed/mosaic <1.0.0 - Path Traversal
The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Luxas98/logstash-management-api <2020-05-04 - Path Traversal
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Lukasavicus/WindMill <1.0 - Path Traversal
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
JustAnotherSoftwareDeveloper/Python-Recipe-Database <2021-03-31 - P...
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
HolgerGraef/MSM <2021-04-20 - Path Traversal
The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Harveyzyh/Python <2022-05-04 - Path Traversal
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Delor4/CarceresBE <1.0 - Path Traversal
The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Caoyongqi912/Fan_Platform <2021-04-20 - Path Traversal
The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
BolunHan/Krypton <2021-06-03 - Path Traversal
The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Atom02/flask-mvc <2020-09-14 - Path Traversal
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
AFDudley/equanimity <2014-04-23 - Path Traversal
The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
SergeKashkin/Simple-RAT <2022-05-03 - Path Traversal
The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
GitHub iedadata/usap-dc-website <1.0.1 - Path Traversal
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
idayrus/evoting <2022-05-08 - Path Traversal
The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
ganga-devs/ganga <8.5.10 - Path Traversal
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
cmusatyalab/opendiamond <10.1.1 - Path Traversal
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
cheo0/MercadoEnLineaBack - Path Traversal
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
ChangeWeDer/BaiduWenkuSpider_flaskWeb <2021-11-29 - Path Traversal
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
orchest <2022.05.0 - Path Traversal
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
operatorequals/wormnest <0.4.7 - Path Traversal
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
ChaoticOnyx/OnyxForum <2022-05-04 - Path Traversal
The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Thunderdome <1.16.3 - Command Injection
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.
CVSS 8.1
DjVuLibre <3.5.29 - Buffer Overflow
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.