CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,772 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 89 of 176
- CVE-2022-31523CRITICALCVSS 9.3EG 9.32022-07-11
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31524CRITICALCVSS 9.3EG 9.32022-07-11
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31525CRITICALCVSS 9.3EG 9.32022-07-11
The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31526CRITICALCVSS 9.3EG 9.32022-07-11
The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31527CRITICALCVSS 9.3EG 9.32022-07-11
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31528CRITICALCVSS 9.3EG 9.32022-07-11
The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31529CRITICALCVSS 9.3EG 9.32022-07-11
The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31530CRITICALCVSS 9.3EG 9.32022-07-11
The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31531CRITICALCVSS 9.3EG 9.32022-07-11
The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31532CRITICALCVSS 9.3EG 9.32022-07-11
The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31533CRITICALCVSS 9.3EG 9.32022-07-11
The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31534CRITICALCVSS 9.3EG 9.32022-07-11
The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31535CRITICALCVSS 9.3EG 9.32022-07-11
The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31536CRITICALCVSS 9.3EG 9.32022-07-11
The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31537CRITICALCVSS 9.3EG 9.32022-07-11
The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31538CRITICALCVSS 9.3EG 9.32022-07-11
The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31539CRITICALCVSS 9.3EG 9.32022-07-11
The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31540CRITICALCVSS 9.3EG 9.32022-07-11
The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31541CRITICALCVSS 9.3EG 9.32022-07-11
The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31542CRITICALCVSS 9.3EG 9.32022-07-11
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31543CRITICALCVSS 9.3EG 9.32022-07-11
The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31544CRITICALCVSS 9.3EG 9.32022-07-11
The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31545CRITICALCVSS 9.3EG 9.32022-07-11
The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31546CRITICALCVSS 9.3EG 9.32022-07-11
The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31547CRITICALCVSS 9.3EG 9.32022-07-11
The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31548CRITICALCVSS 9.3EG 9.32022-07-11
The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31549CRITICALCVSS 9.3EG 9.32022-07-11
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31550CRITICALCVSS 9.3EG 9.32022-07-11
The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31551CRITICALCVSS 9.3EG 9.32022-07-11
The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31552CRITICALCVSS 9.3EG 9.32022-07-11
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31553CRITICALCVSS 9.3EG 9.32022-07-11
The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31554CRITICALCVSS 9.3EG 9.32022-07-11
The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31555CRITICALCVSS 9.3EG 9.32022-07-11
The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31556CRITICALCVSS 9.3EG 9.32022-07-11
The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31557CRITICALCVSS 9.3EG 9.32022-07-11
The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31558CRITICALCVSS 9.3EG 9.32022-07-11
The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31559CRITICALCVSS 9.3EG 9.32022-07-11
The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31560CRITICALCVSS 9.3EG 9.32022-07-11
The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31561CRITICALCVSS 9.3EG 9.32022-07-11
The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31562CRITICALCVSS 9.3EG 9.32022-07-11
The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31563CRITICALCVSS 9.3EG 9.32022-07-11
The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31564CRITICALCVSS 9.3EG 9.32022-07-11
The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31565CRITICALCVSS 9.3EG 9.32022-07-11
The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31566HIGHCVSS 8.6EG 8.62022-07-11
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31567CRITICALCVSS 9.3EG 9.32022-07-11
The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31568CRITICALCVSS 9.3EG 9.32022-07-11
The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31570CRITICALCVSS 9.8EG 9.82022-07-11
The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31571CRITICALCVSS 9.3EG 9.32022-07-11
The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31572CRITICALCVSS 9.3EG 9.32022-07-11
The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-31573CRITICALCVSS 9.3EG 9.32022-07-11
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →