GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

330 advisories

`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
Credited to JafarAkhondali
Stimulsoft Dashboard.JS directory traversal vulnerability Critical
CVE-2024-24398 was published for stimulsoft-dashboards-js (npm) Feb 6, 2024
@hono/node-server cannot handle "double dots" in URL Moderate
CVE-2024-23340 was published for @hono/node-server (npm) Jan 23, 2024
Directory Traversal in evershop Moderate
CVE-2023-46497 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop Moderate
CVE-2023-46493 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop High
CVE-2023-46496 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in Gladys Assistant Moderate
CVE-2023-47440 was published for gladys (npm) Dec 7, 2023
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
Credited to chriscborg and mtrezza
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
Credited to lirantal
Hexo `include_code` has a path traversal High
CVE-2023-39584 was published for hexo (npm) Sep 8, 2023
Credited to uiolee
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
Credited to JafarAkhondali
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
Credited to ixSly
Cloudflare Wrangler directory traversal vulnerability Moderate
CVE-2023-3348 was published for wrangler (npm) Aug 3, 2023
@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names Moderate
CVE-2023-38695 was published for @simonsmith/cypress-image-snapshot (npm) Aug 1, 2023
Credited to thib3113 and simonsmith
Path traversal and code execution via prototype vulnerability Critical
CVE-2023-26045 was published for nodebb (npm) Jul 25, 2023
Credited to starinfar
Gatsby develop server has Local File Inclusion vulnerability Moderate
CVE-2023-34238 was published for gatsby (npm) Jun 9, 2023
n8n Directory Traversal vulnerability Moderate
CVE-2023-27562 was published for n8n (npm) May 10, 2023
Credited to MarkLee131
m.static Directory Traversal vulnerability High
CVE-2023-26126 was published for m.static (npm) May 10, 2023
Credited to lirantal
Path Traversal in Ghost High
CVE-2023-32235 was published for ghost (npm) May 5, 2023
Path traversal vulnerability in gatsby-plugin-sharp Moderate
CVE-2023-30548 was published for gatsby-plugin-sharp (npm) Apr 20, 2023
Arbitrary local file read vulnerability during template rendering High
CVE-2023-25345 was published for swig (npm) Mar 15, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal High
CVE-2023-26111 was published for @nubosoftware/node-static (npm) Mar 6, 2023
Credited to lirantal
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler Moderate
CVE-2025-27098 was published for @graphql-mesh/cli (npm) Feb 16, 2023
Credited to ardatan and dotansimha
Path traversal vulnerability in glance Moderate
CVE-2022-25937 was published for glance (npm) Feb 13, 2023
Credited to lirantal