GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,809 advisories
Filter by severity
RubyGems Delete directory using symlink when decompressing tar
High
CVE-2019-8320
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
Path Traversal in serve-here.js
High
GHSA-g8m7-qhv7-9h5x
was published
for
serve-here
(npm)
Jul 5, 2019
Path Traversal in algo-httpserv
High
GHSA-cgjv-rghq-qhgp
was published
for
algo-httpserv
(npm)
Sep 11, 2019
Symlink Arbitrary File Overwrite in bower
High
CVE-2019-5484
was published
for
bower
(npm)
Sep 17, 2019
Path Traversal in LibreNMS
High
CVE-2019-12464
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Path traversal attack on Windows platforms
High
CVE-2019-0207
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Nov 18, 2019
Arbitrary File Write in iobroker.js-controller
High
CVE-2019-10767
was published
for
iobroker.js-controller
(npm)
Dec 2, 2019
npm symlink reference outside of node_modules
High
CVE-2019-16776
was published
for
npm
(npm)
Dec 13, 2019
npm Vulnerable to Global node_modules Binary Overwrite
High
CVE-2019-16777
was published
for
npm
(npm)
Dec 13, 2019
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
High
CVE-2020-5237
was published
for
oneup/uploader-bundle
(Composer)
Feb 18, 2020
Cross-Site Scripting in http_server
High
CVE-2019-15600
was published
for
http_server
(npm)
Mar 31, 2020
Directory traversal attack in Spring Cloud Config
High
CVE-2020-5410
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
Jun 5, 2020
Directory traversal in Rack::Directory app bundled with Rack
High
CVE-2020-8161
was published
for
rack
(RubyGems)
Jul 6, 2020
Path Traversal in socket.io-file
High
CVE-2020-15779
was published
for
socket.io-file
(npm)
Jul 7, 2020
Directory traversal in rollup-plugin-server
High
CVE-2020-7683
was published
for
rollup-plugin-server
(npm)
Jul 29, 2020
Directory traversal in rollup-plugin-server
High
CVE-2020-7686
was published
for
rollup-plugin-server
(npm)
Jul 29, 2020
Directory Traversal in fancy-server
High
CVE-2014-10066
was published
for
fancy-server
(npm)
Aug 31, 2020
fury-adapter-swagger allows arbitrary file read from system
High
CVE-2016-1000249
was published
for
fury-adapter-swagger
(npm)
Sep 1, 2020
Directory Traversal in fsk-server
High
CVE-2017-16090
was published
for
fsk-server
(npm)
Sep 1, 2020
ProTip!
Advisories are also available from the
GraphQL API