GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Relative Path Traversal in afire serve_static
High
GHSA-3227-r97m-8j95
was published
for
afire
(Rust)
Apr 22, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk
Moderate
GHSA-cgw6-f3mj-h742
was published
for
rust-embed
(Rust)
Jun 17, 2022
Tauri Filesystem Scope Glob Pattern is too Permissive
Moderate
CVE-2022-46171
was published
for
tauri
(Rust)
Dec 22, 2022
Improper sanitization of delegated role names
High
CVE-2021-41150
was published
for
tough
(Rust)
Oct 19, 2021
Improper sanitization of target names
High
CVE-2021-41149
was published
for
tough
(Rust)
Oct 19, 2021
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-7p7c-pvvx-2vx3
was published
for
hyper-staticfile
(Rust)
Dec 5, 2022
Warp vulnerable to Path Traversal via Improper validation of Windows paths
High
GHSA-8v4j-7jgf-5rg9
was published
for
warp
(Rust)
Jan 31, 2023
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Critical
CVE-2022-45299
was published
for
webbrowser
(Rust)
Jan 13, 2023
Links in archive can create arbitrary directories
High
CVE-2021-38511
was published
for
tar
(Rust)
Aug 25, 2021
tower-http's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-wwh2-r387-g5rm
was published
for
tower-http
(Rust)
Jun 17, 2022
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
ProTip!
Advisories are also available from the
GraphQL API