Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

213 advisories

Loading
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle High
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
Nuxt Devtools has a Path Traversal: '../filedir' High
CVE-2024-23657 was published for @nuxt/devtools (npm) Aug 5, 2024
OhB00 antfu
Jan path traversal vulnerability High
CVE-2024-36857 was published for @janhq/core (npm) Jun 4, 2024
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik
`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
Directory Traversal in evershop High
CVE-2023-46496 was published for @evershop/evershop (npm) Dec 8, 2023
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
chriscborg mtrezza
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
m.static Directory Traversal vulnerability High
CVE-2023-26126 was published for m.static (npm) May 10, 2023
Path Traversal in Ghost High
CVE-2023-32235 was published for ghost (npm) May 5, 2023
Arbitrary local file read vulnerability during template rendering High
CVE-2023-25345 was published for swig (npm) Mar 15, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal High
CVE-2023-26111 was published for @nubosoftware/node-static (npm) Mar 6, 2023
Servst vulnerable to Path Traversal High
CVE-2022-25936 was published for servst (npm) Jan 30, 2023
JSZip contains Path Traversal via loadAsync High
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
Directory Traversal vulnerability in serve-lite High
CVE-2022-21192 was published for serve-lite (npm) Jan 26, 2023
lirantal
Path Traversal in web-node-server High
CVE-2020-36651 was published for web-node-server (npm) Jan 18, 2023
SimbCo httpster vulnerable to Path Traversal High
CVE-2020-36629 was published for httpster (npm) Dec 25, 2022
lite-dev-server vulnerable to Directory Traversal High
CVE-2022-25895 was published for lite-dev-server (npm) Dec 21, 2022
lirantal
easy-static-server vulnerable to Directory Traversal High
CVE-2022-25931 was published for easy-static-server (npm) Dec 20, 2022
lirantal
static-dev-server vulnerable to path traversal High
CVE-2022-25848 was published for static-dev-server (npm) Nov 29, 2022
lirantal
Directory traversal in convert-svg-core High
CVE-2022-24278 was published for convert-svg-core (npm) Jun 11, 2022
MJML vulnerable to path traversal High
CVE-2020-12827 was published for mjml (npm) May 24, 2022
ProTip! Advisories are also available from the GraphQL API