Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,300
NuGet
760
pip
4,078
Pub
12
RubyGems
957
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Directory Traversal in send Low
CVE-2014-6394 was published for send (npm) Oct 24, 2017
Arbitrary File Write in cli Low
CVE-2016-10538 was published for cli (npm) Feb 18, 2019
Path traversal in Node-Red Low
CVE-2021-21298 was published for @node-red/runtime (npm) Feb 26, 2021
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite Low
CVE-2016-1000021 was published for cli (npm) May 24, 2022 withdrawn
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB noe233
Credited to ropwareJB and noe233
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB noe233
Credited to ropwareJB and noe233
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
Credited to kos0ng
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Credited to orihjfrog and lukeed
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Credited to apyatko
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations Low
CVE-2025-11569 was published for cross-zip (npm) Oct 10, 2025 withdrawn
MarshallOfSound
Credited to MarshallOfSound
Astro Development Server has Arbitrary Local File Read Low
CVE-2025-64757 was published for astro (npm) Nov 19, 2025
monizb Princesseuh
delucis ematipico
Credited to monizb, Princesseuh, delucis, and ematipico
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database