GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
61 advisories
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate
CVE-2024-37169
was published
for
@jmondi/url-to-png
(npm)
Jun 5, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Moderate
CVE-2024-32869
was published
for
hono
(npm)
Apr 23, 2024
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Moderate
CVE-2023-38695
was published
for
@simonsmith/cypress-image-snapshot
(npm)
Aug 1, 2023
n8n Directory Traversal vulnerability
Moderate
CVE-2023-27562
was published
for
n8n
(npm)
May 10, 2023
Path traversal vulnerability in glance
Moderate
CVE-2022-25937
was published
for
glance
(npm)
Feb 13, 2023
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Moderate
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
NodeBB vulnerable to path traversal in translator module
Moderate
CVE-2021-43788
was published
for
nodebb
(npm)
Nov 30, 2021
ProTip!
Advisories are also available from the
GraphQL API