GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Links in archive can create arbitrary directories
High
CVE-2021-38511
was published
for
tar
(Rust)
Aug 25, 2021
Improper sanitization of target names
High
CVE-2021-41149
was published
for
tough
(Rust)
Oct 19, 2021
Improper sanitization of delegated role names
High
CVE-2021-41150
was published
for
tough
(Rust)
Oct 19, 2021
Relative Path Traversal in afire serve_static
High
GHSA-3227-r97m-8j95
was published
for
afire
(Rust)
Apr 22, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk
Moderate
GHSA-cgw6-f3mj-h742
was published
for
rust-embed
(Rust)
Jun 17, 2022
tower-http's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-wwh2-r387-g5rm
was published
for
tower-http
(Rust)
Jun 17, 2022
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-7p7c-pvvx-2vx3
was published
for
hyper-staticfile
(Rust)
Dec 5, 2022
Tauri Filesystem Scope Glob Pattern is too Permissive
Moderate
CVE-2022-46171
was published
for
tauri
(Rust)
Dec 22, 2022
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Critical
CVE-2022-45299
was published
for
webbrowser
(Rust)
Jan 13, 2023
Warp vulnerable to Path Traversal via Improper validation of Windows paths
High
GHSA-8v4j-7jgf-5rg9
was published
for
warp
(Rust)
Jan 31, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
ProTip!
Advisories are also available from the
GraphQL API