GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
High
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
unzip-stream allows Arbitrary File Write via artifact extraction
High
GHSA-6jrj-vc65-c983
was published
for
unzip-stream
(npm)
Aug 26, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
High
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
jqueryFileTree vulnerable to Directory Traversal
High
CVE-2017-1000170
was published
for
jqueryfiletree
(npm)
May 13, 2022
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
`@backstage/backend-common` vulnerable to path traversal through symlinks
High
CVE-2024-26150
was published
for
@backstage/backend-common
(npm)
Feb 23, 2024
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Directory Traversal in evershop
High
CVE-2023-46496
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
High
CVE-2021-37713
was published
for
tar
(npm)
Aug 31, 2021
Path Traversal: 'dir/../../filename' in moment.locale
High
CVE-2022-24785
was published
for
Moment.js
(npm)
Apr 4, 2022
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
static-server Path Traversal vulnerability
High
CVE-2023-26152
was published
for
static-server
(npm)
Oct 3, 2023
m.static Directory Traversal vulnerability
High
CVE-2023-26126
was published
for
m.static
(npm)
May 10, 2023
ProTip!
Advisories are also available from the
GraphQL API