GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
unzip-stream allows Arbitrary File Write via artifact extraction
High
GHSA-6jrj-vc65-c983
was published
for
unzip-stream
(npm)
Aug 26, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
`@backstage/backend-common` vulnerable to path traversal through symlinks
High
CVE-2024-26150
was published
for
@backstage/backend-common
(npm)
Feb 23, 2024
Directory Traversal in evershop
High
CVE-2023-46496
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
static-server Path Traversal vulnerability
High
CVE-2023-26152
was published
for
static-server
(npm)
Oct 3, 2023
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
m.static Directory Traversal vulnerability
High
CVE-2023-26126
was published
for
m.static
(npm)
May 10, 2023
Arbitrary local file read vulnerability during template rendering
High
CVE-2023-25345
was published
for
swig
(npm)
Mar 15, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
High
CVE-2023-26111
was published
for
@nubosoftware/node-static
(npm)
Mar 6, 2023
Directory Traversal vulnerability in serve-lite
High
CVE-2022-21192
was published
for
serve-lite
(npm)
Jan 26, 2023
Path Traversal in web-node-server
High
CVE-2020-36651
was published
for
web-node-server
(npm)
Jan 18, 2023
SimbCo httpster vulnerable to Path Traversal
High
CVE-2020-36629
was published
for
httpster
(npm)
Dec 25, 2022
lite-dev-server vulnerable to Directory Traversal
High
CVE-2022-25895
was published
for
lite-dev-server
(npm)
Dec 21, 2022
easy-static-server vulnerable to Directory Traversal
High
CVE-2022-25931
was published
for
easy-static-server
(npm)
Dec 20, 2022
static-dev-server vulnerable to path traversal
High
CVE-2022-25848
was published
for
static-dev-server
(npm)
Nov 29, 2022
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
High
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
Directory traversal in convert-svg-core
High
CVE-2022-24278
was published
for
convert-svg-core
(npm)
Jun 11, 2022
ProTip!
Advisories are also available from the
GraphQL API