Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

6,014 advisories

Loading
Directory Traversal in xtalk High
CVE-2017-16091 was published for xtalk (npm) Sep 1, 2020
fury-adapter-swagger allows arbitrary file read from system High
CVE-2016-1000249 was published for fury-adapter-swagger (npm) Sep 1, 2020
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
Hidden Directories Always Served in inert Moderate
CVE-2014-10068 was published for inert (npm) Aug 31, 2020
Directory Traversal in fancy-server High
CVE-2014-10066 was published for fancy-server (npm) Aug 31, 2020
Path Traversal in openapi-python-client Low
CVE-2020-15141 was published for openapi-python-client (pip) Aug 20, 2020
pawamoy emann
Directory traversal in rollup-plugin-server High
CVE-2020-7686 was published for rollup-plugin-server (npm) Jul 29, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
Directory traversal in fast-http High
CVE-2020-7687 was published for fast-http (npm) Jul 27, 2020
Path Traversal in socket.io-file High
CVE-2020-15779 was published for socket.io-file (npm) Jul 7, 2020
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Directory traversal in Apache RocketMQ Moderate
CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 1, 2020
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Directory traversal attack in Spring Cloud Config High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
Directory traversal attack in Spring Cloud Config Moderate
CVE-2020-5405 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7652 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7648 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7650 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7651 was published for snyk-broker (npm) Jun 3, 2020
path traversal in Jooby Moderate
CVE-2020-7647 was published for io.jooby:jooby (Maven) May 13, 2020
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
Cross-Site Scripting in http_server High
CVE-2019-15600 was published for http_server (npm) Mar 31, 2020
Path Traversal in statics-server Moderate
CVE-2019-15596 was published for statics-server (npm) Mar 31, 2020
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
npm Vulnerable to Global node_modules Binary Overwrite High
CVE-2019-16777 was published for npm (npm) Dec 13, 2019
DanielRuf
ProTip! Advisories are also available from the GraphQL API