Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
Directory Traversal in quickserver High
CVE-2017-16196 was published for quickserver (npm) Jul 23, 2018
Directory Traversal in jn_jj_server High
CVE-2017-16210 was published for jn_jj_server (npm) Jul 23, 2018
Directory Traversal in ltt High
CVE-2017-16212 was published for ltt (npm) Jul 23, 2018
Directory Traversal in fbr-client High
CVE-2017-16217 was published for fbr-client (npm) Jul 23, 2018
Directory Traversal in dgard8.lab6 High
CVE-2017-16218 was published for dgard8.lab6 (npm) Jul 23, 2018
Directory Traversal in nodeaaaaa High
CVE-2017-16223 was published for nodeaaaaa (npm) Jul 23, 2018
Directory traversal in Django High
CVE-2011-0698 was published for django (pip) Jul 23, 2018
MarkLee131
Path Traversal in public High
CVE-2018-3731 was published for public (npm) Jul 18, 2018
Path Traversal in resolve-path High
CVE-2018-3732 was published for resolve-path (npm) Jul 18, 2018
Path Traversal in crud-file-server High
CVE-2018-3733 was published for crud-file-server (npm) Jul 18, 2018
Path Traversal in stattic High
CVE-2018-3734 was published for stattic (npm) Jul 18, 2018
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Sinatra Path Traversal vulnerability Moderate
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018
Directory traversal vulnerability in Next.js High
CVE-2018-6184 was published for next (npm) Jan 24, 2018
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607
Mail Gem Path Traversal vulnerability Moderate
CVE-2012-2139 was published for mail (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
sprockets vulnerable to Path Traversal Moderate
CVE-2014-7819 was published for sprockets (RubyGems) Oct 24, 2017
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
Directory Traversal in send Low
CVE-2014-6394 was published for send (npm) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API