GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
Apache DolphinScheduler vulnerable to Path Traversal
Moderate
CVE-2022-34662
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Nov 1, 2022
Apache DolphinScheduler vulnerable to Path Traversal
Moderate
CVE-2022-26884
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Oct 28, 2022
Path traversal in Jenkins build-publisher Plugin
Moderate
CVE-2022-41231
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
High
CVE-2022-26049
was published
for
com.diffplug.gradle:goomph
(Maven)
Sep 12, 2022
Keycloak has Files or Directories Accessible to External Parties
Moderate
CVE-2021-3856
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
Path Traversal in Gravitee API Management
Moderate
CVE-2019-25075
was published
for
io.gravitee.apim:gravitee-api-management
(Maven)
Aug 24, 2022
Path Traversal in Payara
High
CVE-2022-37422
was published
for
fish.payara.api:payara-bom
(Maven)
Aug 19, 2022
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Moderate
CVE-2022-36007
was published
for
com.github.jlangch:venice
(Maven)
Aug 18, 2022
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Moderate
CVE-2022-37423
was published
for
org.neo4j.procedure:apoc
(Maven)
Aug 12, 2022
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
High
CVE-2022-31195
was published
for
org.dspace:dspace-api
(Maven)
Aug 6, 2022
JSPUI vulnerable to path traversal in submission (resumable) upload
High
CVE-2022-31194
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
High
CVE-2022-36894
was published
for
org.jenkins-ci.plugins:clif-performance-testing
(Maven)
Jul 28, 2022
Jenkins Deployer Framework Plugin vulnerable to Path Traversal
Moderate
CVE-2022-36890
was published
for
org.jenkins-ci.plugins:deployer-framework
(Maven)
Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
Moderate
CVE-2022-36889
was published
for
org.jenkins-ci.plugins:deployer-framework
(Maven)
Jul 28, 2022
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
High
CVE-2022-31159
was published
for
com.amazonaws:aws-java-sdk-s3
(Maven)
Jul 15, 2022
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34170
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin
Moderate
CVE-2022-34179
was published
for
org.jenkins-ci.plugins:embeddable-build-status
(Maven)
Jun 24, 2022
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34173
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34171
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-34177
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Jun 24, 2022
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34172
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
User account escalation in Apache Hadoop
High
CVE-2021-33036
was published
for
org.apache.hadoop:hadoop-yarn-server-common
(Maven)
Jun 16, 2022
Path Traversal in XWiki Platform
Low
CVE-2022-29253
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 1, 2022
Path traversal in CureKit
High
CVE-2022-23082
was published
for
io.whitesource:curekit
(Maven)
Jun 1, 2022
ProTip!
Advisories are also available from the
GraphQL API