Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,810 advisories

Loading
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
Path Traversal in serve-here.js High
GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) Jul 5, 2019
NLTK Vulnerable To Path Traversal High
CVE-2019-14751 was published for nltk (pip) Aug 23, 2019
Path Traversal in algo-httpserv High
GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) Sep 11, 2019
Symlink Arbitrary File Overwrite in bower High
CVE-2019-5484 was published for bower (npm) Sep 17, 2019
Path Traversal in LibreNMS High
CVE-2019-12464 was published for librenms/librenms (Composer) Oct 11, 2019
Path traversal attack on Windows platforms High
CVE-2019-0207 was published for org.apache.tapestry:tapestry-core (Maven) Nov 18, 2019
Arbitrary File Write in iobroker.js-controller High
CVE-2019-10767 was published for iobroker.js-controller (npm) Dec 2, 2019
npm symlink reference outside of node_modules High
CVE-2019-16776 was published for npm (npm) Dec 13, 2019
DanielRuf
npm Vulnerable to Global node_modules Binary Overwrite High
CVE-2019-16777 was published for npm (npm) Dec 13, 2019
DanielRuf
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
Cross-Site Scripting in http_server High
CVE-2019-15600 was published for http_server (npm) Mar 31, 2020
Directory traversal attack in Spring Cloud Config High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Path Traversal in socket.io-file High
CVE-2020-15779 was published for socket.io-file (npm) Jul 7, 2020
Directory traversal in fast-http High
CVE-2020-7687 was published for fast-http (npm) Jul 27, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7686 was published for rollup-plugin-server (npm) Jul 29, 2020
Directory Traversal in fancy-server High
CVE-2014-10066 was published for fancy-server (npm) Aug 31, 2020
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
fury-adapter-swagger allows arbitrary file read from system High
CVE-2016-1000249 was published for fury-adapter-swagger (npm) Sep 1, 2020
Directory Traversal in xtalk High
CVE-2017-16091 was published for xtalk (npm) Sep 1, 2020
Directory Traversal in tiny-http High
CVE-2017-16097 was published for tiny-http (npm) Sep 1, 2020
Directory Traversal in fsk-server High
CVE-2017-16090 was published for fsk-server (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API