Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

6,014 advisories

Loading
npm symlink reference outside of node_modules High
CVE-2019-16776 was published for npm (npm) Dec 13, 2019
DanielRuf
Arbitrary File Write in iobroker.js-controller High
CVE-2019-10767 was published for iobroker.js-controller (npm) Dec 2, 2019
Path traversal attack on Windows platforms High
CVE-2019-0207 was published for org.apache.tapestry:tapestry-core (Maven) Nov 18, 2019
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Path Traversal in LibreNMS High
CVE-2019-12464 was published for librenms/librenms (Composer) Oct 11, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Symlink Arbitrary File Overwrite in bower High
CVE-2019-5484 was published for bower (npm) Sep 17, 2019
Path Traversal in algo-httpserv High
GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) Sep 11, 2019
Directory Traversal in SharpCompress Moderate
CVE-2018-1002206 was published for sharpcompress (NuGet) Sep 11, 2019
geoffodonnell
Path Traversal in statichttpserver Moderate
CVE-2019-5480 was published for statichttpserver (npm) Sep 4, 2019
NLTK Vulnerable To Path Traversal High
CVE-2019-14751 was published for nltk (pip) Aug 23, 2019
Path Traversal in http-file-server Moderate
CVE-2019-5447 was published for http-file-server (npm) Jul 16, 2019
Path Traversal in serve-here.js High
GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) Jul 5, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Directory Traversal in lactate High
GHSA-68gr-cmcp-g3mj was published for lactate (npm) Jun 14, 2019
Unauthorized File Access in harp Moderate
CVE-2019-5438 was published for harp (npm) Jun 13, 2019
Path Traversal in localhost-now High
GHSA-73cw-jxmm-qpgh was published for localhost-now (npm) Jun 11, 2019
Path Traversal in m-server Moderate
GHSA-vc6r-4x6g-mmqc was published for m-server (npm) Jun 11, 2019
Path Traversal in servey Moderate
GHSA-rv49-54qp-fw42 was published for servey (npm) Jun 6, 2019
Path Traversal in statics-server Moderate
GHSA-74cp-qw7f-7hpw was published for statics-server (npm) Jun 5, 2019
High severity vulnerability that affects gun High
GHSA-886v-mm6p-4m66 was published for gun (npm) Jun 5, 2019
JK0N
Path Traversal in angular-http-server High
GHSA-vmhw-fhj6-m3g5 was published for angular-http-server (npm) May 31, 2019
Directory Traversal in ltt.js High
GHSA-6qh5-wx38-q92g was published for ltt.js (npm) May 30, 2019
ProTip! Advisories are also available from the GraphQL API