Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Reposilite Arbitrary File Read vulnerability High
CVE-2024-36117 was published for com.reposilite:reposilite-backend (Maven) Aug 5, 2024
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`) High
CVE-2024-36116 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
Keycloak path traversal vulnerability in redirection validation High
CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat High
CVE-2024-24749 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
Kai5174 sikeoka
jodygarnett
OpenAPI Generator Online - Arbitrary File Read/Delete High
CVE-2024-35219 was published for org.openapitools:openapi-generator-online (Maven) May 28, 2024
stefan-schiller-sonarsource
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
plexus-codehaus vulnerable to directory traversal High
CVE-2022-4244 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification High
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack High
CVE-2023-34062 was published for io.projectreactor.netty:reactor-netty-http (Maven) Nov 15, 2023
mpihelgas
Path traversal in flaskcode Devan-Kerman ARRP High
CVE-2024-24042 was published for net.devtech:arrp (Maven) Mar 19, 2024
GeoServer log file path traversal vulnerability High
CVE-2023-41877 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
Anthares101 sumiitgurjar
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Apache Geronimo Application Server multiple directory traversal vulnerabilities High
CVE-2008-5518 was published for org.apache.geronimo.plugins:console (Maven) May 14, 2022
MarkLee131
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized High
CVE-2016-9878 was published for org.springframework:spring-webmvc (Maven) Oct 4, 2018
sunSUNQ
Path Traversal in Hadoop High
CVE-2018-8009 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
MarkLee131
Apache Sling Servlets Resolver executes malicious code via path traversal High
CVE-2024-23673 was published for org.apache.sling:org.apache.sling.servlets.resolver (Maven) Feb 6, 2024
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin High
CVE-2022-45381 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) Nov 16, 2022
NotMyFault
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper Limitation of a Pathname to a Restricted Directory in Jenkins High
CVE-2018-1000863 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 High
CVE-2023-28465 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 10, 2023
JLLeitschuh
Directory Traversal in JFinalCMS High
CVE-2023-50449 was published for com.jfinal:jfinal (Maven) Dec 10, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven) Dec 1, 2023
ProTip! Advisories are also available from the GraphQL API