GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
unzip-stream allows Arbitrary File Write via artifact extraction
High
GHSA-6jrj-vc65-c983
was published
for
unzip-stream
(npm)
Aug 26, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
High
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
`@backstage/backend-common` vulnerable to path traversal through symlinks
High
CVE-2024-26150
was published
for
@backstage/backend-common
(npm)
Feb 23, 2024
Directory Traversal in evershop
High
CVE-2023-46496
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
static-server Path Traversal vulnerability
High
CVE-2023-26152
was published
for
static-server
(npm)
Oct 3, 2023
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
m.static Directory Traversal vulnerability
High
CVE-2023-26126
was published
for
m.static
(npm)
May 10, 2023
Arbitrary local file read vulnerability during template rendering
High
CVE-2023-25345
was published
for
swig
(npm)
Mar 15, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
High
CVE-2023-26111
was published
for
@nubosoftware/node-static
(npm)
Mar 6, 2023
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
Directory Traversal vulnerability in serve-lite
High
CVE-2022-21192
was published
for
serve-lite
(npm)
Jan 26, 2023
Path Traversal in web-node-server
High
CVE-2020-36651
was published
for
web-node-server
(npm)
Jan 18, 2023
SimbCo httpster vulnerable to Path Traversal
High
CVE-2020-36629
was published
for
httpster
(npm)
Dec 25, 2022
lite-dev-server vulnerable to Directory Traversal
High
CVE-2022-25895
was published
for
lite-dev-server
(npm)
Dec 21, 2022
easy-static-server vulnerable to Directory Traversal
High
CVE-2022-25931
was published
for
easy-static-server
(npm)
Dec 20, 2022
static-dev-server vulnerable to path traversal
High
CVE-2022-25848
was published
for
static-dev-server
(npm)
Nov 29, 2022
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
High
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
Directory traversal in convert-svg-core
High
CVE-2022-24278
was published
for
convert-svg-core
(npm)
Jun 11, 2022
ProTip!
Advisories are also available from the
GraphQL API