Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

214 advisories

Loading
Path traversal in oak allows transfer of hidden files within the served root directory High
CVE-2024-49770 was published for @oakserver/oak (npm) Nov 1, 2024
NeKzor
Path traversal in atlasboard High
CVE-2021-39109 was published for atlasboard (npm) Sep 2, 2021
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability High
CVE-2024-47818 was published for @saltcorn/server (npm) Oct 7, 2024
dellalibera
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service High
CVE-2022-35204 was published for vite (npm) Aug 19, 2022
dloetzke stypr
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
Jan path traversal vulnerability High
CVE-2024-36857 was published for @janhq/core (npm) Jun 4, 2024
Nuxt Devtools has a Path Traversal: '../filedir' High
CVE-2024-23657 was published for @nuxt/devtools (npm) Aug 5, 2024
OhB00 antfu
jqueryFileTree vulnerable to Directory Traversal High
CVE-2017-1000170 was published for jqueryfiletree (npm) May 13, 2022
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
Directory Traversal in evershop High
CVE-2023-46496 was published for @evershop/evershop (npm) Dec 8, 2023
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization High
CVE-2021-37713 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
chriscborg mtrezza
Path Traversal in Ghost High
CVE-2023-32235 was published for ghost (npm) May 5, 2023
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
m.static Directory Traversal vulnerability High
CVE-2023-26126 was published for m.static (npm) May 10, 2023
Path Traversal in web-node-server High
CVE-2020-36651 was published for web-node-server (npm) Jan 18, 2023
MJML vulnerable to path traversal High
CVE-2020-12827 was published for mjml (npm) May 24, 2022
ProTip! Advisories are also available from the GraphQL API