GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Moderate
CVE-2024-50336
was published
for
matrix-js-sdk
(npm)
Nov 12, 2024
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate
CVE-2024-37169
was published
for
@jmondi/url-to-png
(npm)
Jun 5, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Moderate
CVE-2024-32869
was published
for
hono
(npm)
Apr 23, 2024
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
@hono/node-server cannot handle "double dots" in URL
Moderate
CVE-2024-23340
was published
for
@hono/node-server
(npm)
Jan 23, 2024
Directory Traversal in evershop
Moderate
CVE-2023-46497
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Directory Traversal in evershop
Moderate
CVE-2023-46493
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Directory Traversal in Gladys Assistant
Moderate
CVE-2023-47440
was published
for
gladys
(npm)
Dec 7, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
Cloudflare Wrangler directory traversal vulnerability
Moderate
CVE-2023-3348
was published
for
wrangler
(npm)
Aug 3, 2023
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Moderate
CVE-2023-38695
was published
for
@simonsmith/cypress-image-snapshot
(npm)
Aug 1, 2023
Gatsby develop server has Local File Inclusion vulnerability
Moderate
CVE-2023-34238
was published
for
gatsby
(npm)
Jun 9, 2023
n8n Directory Traversal vulnerability
Moderate
CVE-2023-27562
was published
for
n8n
(npm)
May 10, 2023
Path traversal vulnerability in gatsby-plugin-sharp
Moderate
CVE-2023-30548
was published
for
gatsby-plugin-sharp
(npm)
Apr 20, 2023
Path traversal vulnerability in glance
Moderate
CVE-2022-25937
was published
for
glance
(npm)
Feb 13, 2023
JSZip contains Path Traversal via loadAsync
Moderate
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
easywebpack-cli Path Traversal vulnerability
Moderate
CVE-2020-24855
was published
for
@easy-team/easywebpack-cli
(npm)
Dec 15, 2022
snyk-broker Path Traversal before v4.73.0
Moderate
CVE-2020-7649
was published
for
snyk-broker
(npm)
Jul 26, 2022
ProTip!
Advisories are also available from the
GraphQL API