Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

253 advisories

Loading
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-34662 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Nov 1, 2022
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-26884 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Oct 28, 2022
Path traversal in Jenkins build-publisher Plugin Moderate
CVE-2022-41231 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations High
CVE-2022-26049 was published for com.diffplug.gradle:goomph (Maven) Sep 12, 2022
Keycloak has Files or Directories Accessible to External Parties Moderate
CVE-2021-3856 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
Path Traversal in Gravitee API Management Moderate
CVE-2019-25075 was published for io.gravitee.apim:gravitee-api-management (Maven) Aug 24, 2022
Path Traversal in Payara High
CVE-2022-37422 was published for fish.payara.api:payara-bom (Maven) Aug 19, 2022
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource` Moderate
CVE-2022-36007 was published for com.github.jlangch:venice (Maven) Aug 18, 2022
JLLeitschuh
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability Moderate
CVE-2022-37423 was published for org.neo4j.procedure:apoc (Maven) Aug 12, 2022
JLLeitschuh
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import High
CVE-2022-31195 was published for org.dspace:dspace-api (Maven) Aug 6, 2022
JSPUI vulnerable to path traversal in submission (resumable) upload High
CVE-2022-31194 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Jenkins Deployer Framework Plugin vulnerable to Path Traversal Moderate
CVE-2022-36890 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 High
CVE-2022-31159 was published for com.amazonaws:aws-java-sdk-s3 (Maven) Jul 15, 2022
JLLeitschuh
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin Moderate
CVE-2022-34179 was published for org.jenkins-ci.plugins:embeddable-build-status (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34173 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34171 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin High
CVE-2022-34177 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34172 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
User account escalation in Apache Hadoop High
CVE-2021-33036 was published for org.apache.hadoop:hadoop-yarn-server-common (Maven) Jun 16, 2022
Path Traversal in XWiki Platform Low
CVE-2022-29253 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 1, 2022
Path traversal in CureKit High
CVE-2022-23082 was published for io.whitesource:curekit (Maven) Jun 1, 2022
ProTip! Advisories are also available from the GraphQL API