GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
unzip-stream allows Arbitrary File Write via artifact extraction
High
GHSA-6jrj-vc65-c983
was published
for
unzip-stream
(npm)
Aug 26, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
High
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
`@backstage/backend-common` vulnerable to path traversal through symlinks
High
CVE-2024-26150
was published
for
@backstage/backend-common
(npm)
Feb 23, 2024
Directory Traversal in evershop
High
CVE-2023-46496
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
static-server Path Traversal vulnerability
High
CVE-2023-26152
was published
for
static-server
(npm)
Oct 3, 2023
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
m.static Directory Traversal vulnerability
High
CVE-2023-26126
was published
for
m.static
(npm)
May 10, 2023
Arbitrary local file read vulnerability during template rendering
High
CVE-2023-25345
was published
for
swig
(npm)
Mar 15, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
High
CVE-2023-26111
was published
for
@nubosoftware/node-static
(npm)
Mar 6, 2023
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
Directory Traversal vulnerability in serve-lite
High
CVE-2022-21192
was published
for
serve-lite
(npm)
Jan 26, 2023
Path Traversal in web-node-server
High
CVE-2020-36651
was published
for
web-node-server
(npm)
Jan 18, 2023
SimbCo httpster vulnerable to Path Traversal
High
CVE-2020-36629
was published
for
httpster
(npm)
Dec 25, 2022
lite-dev-server vulnerable to Directory Traversal
High
CVE-2022-25895
was published
for
lite-dev-server
(npm)
Dec 21, 2022
easy-static-server vulnerable to Directory Traversal
High
CVE-2022-25931
was published
for
easy-static-server
(npm)
Dec 20, 2022
static-dev-server vulnerable to path traversal
High
CVE-2022-25848
was published
for
static-dev-server
(npm)
Nov 29, 2022
ProTip!
Advisories are also available from the
GraphQL API