Exploit Database

145,294 exploits tracked across all sources.

CVE-2022-31523 WRITEUP CRITICAL
PaddlePaddle/Anakin <=0.1.1 - Path Traversal
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31522 WRITEUP CRITICAL
NotVinay/karaokey <=2019-12-11 - Path Traversal
The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31521 WRITEUP CRITICAL
Niyaz-Mohamed/mosaic <=1.0.0 - Path Traversal
The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31520 WRITEUP CRITICAL
Luxas98/logstash-management-api <=2020-05-04 - Path Traversal
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31519 WRITEUP CRITICAL
Lukasavicus/WindMill <=1.0 - Path Traversal
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31518 WRITEUP CRITICAL
JustAnotherSoftwareDeveloper/Python-Recipe-Database <=2021-03-31 - Path Traversal
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31517 WRITEUP CRITICAL
HolgerGraef/MSM <=2021-04-20 - Path Traversal
The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31516 WRITEUP CRITICAL
Harveyzyh/Python <=2022-05-04 - Path Traversal
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31515 WRITEUP CRITICAL
Delor4/CarceresBE <=1.0 - Path Traversal
The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31514 WRITEUP CRITICAL
Caoyongqi912/Fan_Platform <=2021-04-20 - Path Traversal
The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31513 WRITEUP CRITICAL
BolunHan/Krypton <=2021-06-03 - Path Traversal
The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31512 WRITEUP CRITICAL
Atom02/flask-mvc <=2020-09-14 - Path Traversal
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31511 WRITEUP CRITICAL
AFDudley/equanimity <=2014-04-23 - Path Traversal
The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31510 WRITEUP CRITICAL
sergeKashkin/Simple-RAT <2022-05-03 - Path Traversal
The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31509 WRITEUP CRITICAL
iedadata/usap-dc-website <=1.0.1 - Path Traversal
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31508 WRITEUP CRITICAL
idayrus/evoting <2022-05-08 - Path Traversal
The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31507 WRITEUP CRITICAL
ganga-devs/ganga <8.5.10 - Path Traversal
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31506 WRITEUP CRITICAL
cmusatyalab/opendiamond <=10.1.1 - Path Traversal
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31505 WRITEUP CRITICAL
cheo0/MercadoEnLineaBack <=2022-05-04 - Path Traversal
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31504 WRITEUP CRITICAL
ChangeWeDer/BaiduWenkuSpider_flaskWeb <2021-11-29 - Path Traversal
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31503 WRITEUP CRITICAL
orchest/orchest <2022.05.0 - Path Traversal
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31502 WRITEUP CRITICAL
operatorequals/wormnest <=0.4.7 - Path Traversal
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
CVE-2022-31501 WRITEUP CRITICAL
ChaoticOnyx/OnyxForum <2022-05-04 - Path Traversal
The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
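The entries above share one root cause: a request-controlled filename reaches Flask's send_file without being confined to the directory the application meant to serve from, and an absolute path simply replaces that directory. The block below is an added illustration, not code from any of the listed repositories: it uses only the standard library, builds a constructed sandbox directory, and puts the unsafe resolution beside the containment checks that werkzeug's safe_join performs on behalf of Flask's send_from_directory. The route shape quoted in the docstring is an assumed typical shape, not taken from any particular repository.

```python
"""Absolute path traversal through an unsafely used Flask send_file(), and the
check that prevents it. Added example, stdlib only: the Flask calls appear in
comments because the defect is in how the path is built, not in the framework."""
import os
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sandbox: an upload directory the app intends to serve from, plus a
# file beside it that the app must never hand out.
ROOT = Path(tempfile.mkdtemp(prefix="traversal_demo_")).resolve()
BASE = ROOT / "uploads"
BASE.mkdir()
(BASE / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
SECRET = ROOT / "secret.txt"
SECRET.write_bytes(b"top secret (constructed)")


def vulnerable_resolve(user_path: str) -> Path:
    """The pattern behind the listed CVEs (assumed shape, not quoted from any repo):

        @app.route("/download")
        def download():
            return send_file(os.path.join(UPLOAD_DIR, request.args["file"]))

    os.path.join discards every component before an absolute argument, so
    "/etc/passwd" resolves to /etc/passwd rather than <uploads>/etc/passwd, and
    send_file streams whatever the process can read."""
    return Path(os.path.join(str(BASE), user_path))


def safe_resolve(user_path: str) -> Optional[Path]:
    """The checks werkzeug's safe_join performs before send_from_directory serves a
    file, written out: refuse absolute paths and any '..' segment, then confirm the
    fully resolved path (symlinks included) is still under BASE. Returns None for
    anything that must be answered with 404."""
    normalized = os.path.normpath(user_path)
    if os.path.isabs(normalized) or normalized.startswith(("/", "\\")):
        return None
    if ".." in normalized.split(os.sep):
        return None
    candidate = (BASE / normalized).resolve()
    try:
        candidate.relative_to(BASE)  # raises ValueError when candidate escaped BASE
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def serve(resolver, user_path: str) -> Optional[bytes]:
    """Stand-in for the route body: returns file bytes, or None for a 404."""
    target = resolver(user_path)
    if target is None or not target.is_file():
        return None
    return target.read_bytes()


if __name__ == "__main__":
    attack = str(SECRET)  # the attacker puts an absolute path in the query string
    print("vulnerable:", serve(vulnerable_resolve, attack))  # leaks the secret
    print("hardened:  ", serve(safe_resolve, attack))        # None, i.e. 404
    print("legitimate:", serve(safe_resolve, "report.pdf"))
```

In a real Flask application the equivalent of safe_resolve is simply `send_from_directory(UPLOAD_DIR, name)`, which applies these checks through werkzeug's safe_join and raises NotFound on failure; a bare `send_file(name)` or `send_file(os.path.join(UPLOAD_DIR, name))` performs none of them.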
CVE-2021-41232 WRITEUP HIGH
Thunderdome <1.16.3 - LDAP Injection
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled: the provided username is not properly escaped before it is placed in the LDAP filter. This issue has been patched in version 1.16.3. Users who are unable to update should disable the LDAP feature if it is in use.
CVSS 8.1
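What "not properly escaped" means in practice, as an added example: the username goes into a search filter verbatim, so filter metacharacters become filter syntax. The block is written in Python against a constructed in-memory directory and a small filter evaluator; it is not Thunderdome's code (that project is written in Go) and the filter template `(&(objectClass=person)(uid=...))` is assumed, not taken from the project. The escaping rule it applies is the one from RFC 4515.

```python
"""LDAP filter injection through an unescaped username, beside RFC 4515 escaping.
Added example against a constructed in-memory directory; the filter template is
assumed and the evaluator covers only the &, |, ! and attr=value subset."""
import re
from typing import Dict, List, Tuple

Entry = Dict[str, str]

# Constructed directory standing in for the LDAP server.
DIRECTORY: List[Entry] = [
    {"uid": "alice", "objectClass": "person"},
    {"uid": "admin", "objectClass": "person"},
    {"uid": "svc-backup", "objectClass": "applicationProcess"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: '*', '(', ')', '\\' and NUL inside an assertion value
    must be written as a backslash followed by two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter_unsafe(username: str) -> str:
    # Assumed template: the username is interpolated verbatim, so its
    # metacharacters become filter syntax.
    return "(&(objectClass=person)(uid=%s))" % username


def build_filter_safe(username: str) -> str:
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


def _parse(s: str, i: int) -> Tuple[tuple, int]:
    """Recursive-descent parser for the filter subset used here.
    Returns (node, index just past the closing parenthesis)."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return (op, kids), i + 1
    close = s.index(")", i)
    attr, _, pattern = s[i:close].partition("=")
    return ("=", attr, pattern), close + 1


def _pattern_to_regex(pattern: str) -> str:
    """Escaped \\XX sequences become literal characters; a bare '*' is a wildcard."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 3 <= len(pattern):
            out.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 3
        elif pattern[i] == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return "".join(out)


def _matches(node: tuple, entry: Entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(k, entry) for k in node[1])
    if kind == "|":
        return any(_matches(k, entry) for k in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, pattern = node
    actual = entry.get(attr)
    if actual is None:
        return False
    # uid and objectClass use caseIgnore matching in the standard schema.
    return re.fullmatch(_pattern_to_regex(pattern), actual, re.IGNORECASE) is not None


def search(directory: List[Entry], ldap_filter: str) -> List[str]:
    """Evaluate the filter against every entry and return the matching uids."""
    node, end = _parse(ldap_filter, 0)
    if end != len(ldap_filter):
        raise ValueError("trailing data after filter")
    return [e["uid"] for e in directory if _matches(node, e)]


if __name__ == "__main__":
    payload = "*"  # typed into the login form's username field
    unsafe, safe = build_filter_unsafe(payload), build_filter_safe(payload)
    print(unsafe, "->", search(DIRECTORY, unsafe))  # every person, admin included
    print(safe, "->", search(DIRECTORY, safe))      # nobody: uid must literally be '*'
```

The unescaped `*` turns the uid test into a presence check, so an authentication flow that takes the first search result (or counts "any match" as success) accepts an attacker who never supplied a valid name; with escaping, the same input can only match an account whose uid is literally an asterisk.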
CVE-2025-53367 WRITEUP HIGH
DjVuLibre <3.5.29 - Heap Out-of-Bounds Write
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an out-of-bounds write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read through the pr pointer is also possible for the same reason. This issue has been patched in version 3.5.29.