Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
Path traversal in oak allows transfer of hidden files within the served root directory High
CVE-2024-49770 was published for @oakserver/oak (npm) Nov 1, 2024
NeKzor
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
Path traversal in atlasboard High
CVE-2021-39109 was published for atlasboard (npm) Sep 2, 2021
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability High
CVE-2024-47818 was published for @saltcorn/server (npm) Oct 7, 2024
dellalibera
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service High
CVE-2022-35204 was published for vite (npm) Aug 19, 2022
dloetzke stypr
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle High
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
Jan path traversal vulnerability High
CVE-2024-36857 was published for @janhq/core (npm) Jun 4, 2024
Nuxt Devtools has a Path Traversal: '../filedir' High
CVE-2024-23657 was published for @nuxt/devtools (npm) Aug 5, 2024
OhB00 antfu
@jmondi/url-to-png contains a Path Traversal vulnerability Moderate
CVE-2024-39918 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
JSZip contains Path Traversal via loadAsync High
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss Moderate
CVE-2023-36822 was published for uptime-kuma (npm) May 1, 2024
n-thumann
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno Moderate
CVE-2024-32869 was published for hono (npm) Apr 23, 2024
y0d3n
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database