Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2022-31518 Path Traversal vulnerability in Python-Recipe-Database Project Python-Recipe-Database
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
python-recipe-database-project CWE-22
6.4
2022-07-11 CVE-2022-31519 Path Traversal vulnerability in Windmill Project Windmill 1.0
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
windmill-project CWE-22
6.4
2022-07-11 CVE-2022-31520 Path Traversal vulnerability in Logstash-Management-Api Project Logstash-Management-Api
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
logstash-management-api-project CWE-22
6.4
2022-07-11 CVE-2022-31521 Path Traversal vulnerability in Mosaic Project Mosaic 1.0.0
The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
mosaic-project CWE-22
6.4
2022-07-11 CVE-2022-31522 Path Traversal vulnerability in Karaokey Project Karaokey
The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
karaokey-project CWE-22
6.4
2022-07-11 CVE-2022-31523 Path Traversal vulnerability in Paddlepaddle Anakin 0.1.0/0.1.1
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
paddlepaddle CWE-22
6.4
2022-07-11 CVE-2022-31524 Path Traversal vulnerability in Purestorage Pure Swagger
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
purestorage CWE-22
6.4
2022-07-11 CVE-2022-31525 Path Traversal vulnerability in Deep Learning Studio Project Deep Learning Studio 0.1.0
The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
deep-learning-studio-project CWE-22
6.4
2022-07-11 CVE-2022-31526 Path Traversal vulnerability in Thunderatz Thunderdocs 20200501
The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
thunderatz CWE-22
6.4
2022-07-11 CVE-2022-31527 Path Traversal vulnerability in Flask-File-Server Project Flask-File-Server
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
flask-file-server-project CWE-22
6.4