Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,111
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
37
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Vitest browser mode serves arbitrary files Moderate
CVE-2025-24963 was published for @vitest/browser (npm) Feb 4, 2025
sapphi-red
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor Moderate
CVE-2024-56331 was published for uptime-kuma (npm) Dec 20, 2024
griisemine
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle Moderate
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
@jmondi/url-to-png contains a Path Traversal vulnerability Moderate
CVE-2024-39918 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss Moderate
CVE-2023-36822 was published for uptime-kuma (npm) May 1, 2024
n-thumann
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno Moderate
CVE-2024-32869 was published for hono (npm) Apr 23, 2024
y0d3n
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
@hono/node-server cannot handle "double dots" in URL Moderate
CVE-2024-23340 was published for @hono/node-server (npm) Jan 23, 2024
Directory Traversal in evershop Moderate
CVE-2023-46497 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop Moderate
CVE-2023-46493 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in Gladys Assistant Moderate
CVE-2023-47440 was published for gladys (npm) Dec 7, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
Cloudflare Wrangler directory traversal vulnerability Moderate
CVE-2023-3348 was published for wrangler (npm) Aug 3, 2023
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names Moderate
CVE-2023-38695 was published for @simonsmith/cypress-image-snapshot (npm) Aug 1, 2023
thib3113 simonsmith
Gatsby develop server has Local File Inclusion vulnerability Moderate
CVE-2023-34238 was published for gatsby (npm) Jun 9, 2023
n8n Directory Traversal vulnerability Moderate
CVE-2023-27562 was published for n8n (npm) May 10, 2023
MarkLee131
Path traversal vulnerability in gatsby-plugin-sharp Moderate
CVE-2023-30548 was published for gatsby-plugin-sharp (npm) Apr 20, 2023
Path traversal vulnerability in glance Moderate
CVE-2022-25937 was published for glance (npm) Feb 13, 2023
lirantal
JSZip contains Path Traversal via loadAsync Moderate
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
easywebpack-cli Path Traversal vulnerability Moderate
CVE-2020-24855 was published for @easy-team/easywebpack-cli (npm) Dec 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database