GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
High
GHSA-82j3-hf72-7x93
was published
for
com.reposilite:reposilite-backend
(Maven)
Nov 4, 2024
OpenRefine has a path traversal in LoadLanguageCommand
High
CVE-2024-49760
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
Path traversal vulnerability in functional web frameworks
High
CVE-2024-38816
was published
for
org.springframework:spring-webflux
(Maven)
Sep 13, 2024
Duplicate Advisory: Reposilite Arbitrary File Read vulnerability
High
CVE-2024-36117
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 5, 2024
•
withdrawn
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
High
CVE-2024-36116
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
High
CVE-2024-24749
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
Keycloak path traversal vulnerability in redirection validation
High
CVE-2024-1132
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
GeoServer log file path traversal vulnerability
High
CVE-2023-41877
was published
for
org.geoserver:gs-main
(Maven)
Mar 20, 2024
Path traversal in flaskcode Devan-Kerman ARRP
High
CVE-2024-24042
was published
for
net.devtech:arrp
(Maven)
Mar 19, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
High
CVE-2024-27317
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal
High
CVE-2024-23673
was published
for
org.apache.sling:org.apache.sling.servlets.resolver
(Maven)
Feb 6, 2024
Directory Traversal in JFinalCMS
High
CVE-2023-50449
was published
for
com.jfinal:jfinal
(Maven)
Dec 10, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
ureport arbitrary file read vulnerability
High
CVE-2023-48848
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Nov 28, 2023
Zip slip in mleap
High
CVE-2023-5245
was published
for
ml.combust.mleap:mleap-runtime_2.12
(Maven)
Nov 15, 2023
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
High
CVE-2023-34062
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Nov 15, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
High
CVE-2023-46654
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
Yamcs Path Traversal vulnerability
High
CVE-2023-45277
was published
for
org.yamcs:yamcs
(Maven)
Oct 19, 2023
plexus-codehaus vulnerable to directory traversal
High
CVE-2022-4244
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
Sep 25, 2023
Jeecg boot arbitrary file read vulnerability
High
CVE-2023-41578
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Sep 8, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter
High
CVE-2023-40827
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
High
CVE-2023-40828
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter
High
CVE-2023-40826
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
ProTip!
Advisories are also available from the
GraphQL API