GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
299 advisories
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
Agnai vulnerable to Relative Path Traversal in Image Upload
Low
CVE-2024-47171
was published
for
agnai
(npm)
Sep 26, 2024
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Low
CVE-2024-47170
was published
for
agnai
(npm)
Sep 26, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
High
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate
CVE-2024-37169
was published
for
@jmondi/url-to-png
(npm)
Jun 5, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Moderate
CVE-2024-32869
was published
for
hono
(npm)
Apr 23, 2024
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
ProTip!
Advisories are also available from the
GraphQL API