Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

300 advisories

Loading
JSZip contains Path Traversal via loadAsync Moderate
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
Path traversal in oak allows transfer of hidden files within the served root directory High
CVE-2024-49770 was published for @oakserver/oak (npm) Nov 1, 2024
NeKzor
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
Path traversal in atlasboard High
CVE-2021-39109 was published for atlasboard (npm) Sep 2, 2021
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability High
CVE-2024-47818 was published for @saltcorn/server (npm) Oct 7, 2024
dellalibera
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service High
CVE-2022-35204 was published for vite (npm) Aug 19, 2022
dloetzke stypr
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability High
CVE-2024-36857 was published for @janhq/core (npm) Jun 4, 2024
Nuxt Devtools has a Path Traversal: '../filedir' High
CVE-2024-23657 was published for @nuxt/devtools (npm) Aug 5, 2024
OhB00 antfu
@jmondi/url-to-png contains a Path Traversal vulnerability Moderate
CVE-2024-39918 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno Moderate
CVE-2024-32869 was published for hono (npm) Apr 23, 2024
y0d3n
ProTip! Advisories are also available from the GraphQL API