GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
High
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
unzip-stream allows Arbitrary File Write via artifact extraction
High
GHSA-6jrj-vc65-c983
was published
for
unzip-stream
(npm)
Aug 26, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
jqueryFileTree vulnerable to Directory Traversal
High
CVE-2017-1000170
was published
for
jqueryfiletree
(npm)
May 13, 2022
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
`@backstage/backend-common` vulnerable to path traversal through symlinks
High
CVE-2024-26150
was published
for
@backstage/backend-common
(npm)
Feb 23, 2024
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Directory Traversal in evershop
High
CVE-2023-46496
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
High
CVE-2021-37713
was published
for
tar
(npm)
Aug 31, 2021
Path Traversal: 'dir/../../filename' in moment.locale
High
CVE-2022-24785
was published
for
Moment.js
(npm)
Apr 4, 2022
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
static-server Path Traversal vulnerability
High
CVE-2023-26152
was published
for
static-server
(npm)
Oct 3, 2023
m.static Directory Traversal vulnerability
High
CVE-2023-26126
was published
for
m.static
(npm)
May 10, 2023
Path Traversal in web-node-server
High
CVE-2020-36651
was published
for
web-node-server
(npm)
Jan 18, 2023
ProTip!
Advisories are also available from the
GraphQL API