Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client High
CVE-2021-20218 was published for io.fabric8:kubernetes-client (Maven) May 24, 2022
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files High
CVE-2019-16540 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
Mule modules contain Directory Traversal High
CVE-2019-15630 was published for org.mule.runtime:mule (Maven) May 24, 2022
Path traversal in Gitblit High
CVE-2022-31268 was published for com.gitblit:gitblit (Maven) May 22, 2022
Path traversal in Jenkins Git Mercurial and Repo Plugins High
CVE-2022-30947 was published for org.jenkins-ci.plugins:git (Maven) May 18, 2022
NotMyFault
Path Traversal in Apache Jetspeed High
CVE-2016-0709 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
Path Traversal in Apache Atlas High
CVE-2016-8752 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Apache Storm log viewer path traversal vulnerability High
CVE-2014-0115 was published for org.apache.storm:storm (Maven) May 17, 2022
Apache ODE Path Traversal vulnerability High
CVE-2018-1316 was published for org.apache.ode:ode (Maven) May 14, 2022
Path Traversal in OWASP Dependency-Check High
CVE-2018-12036 was published for org.owasp:dependency-check-maven (Maven) May 14, 2022
Path Traversal in Eclipse Mojarra High
CVE-2018-14371 was published for org.glassfish:mojarra-parent (Maven) May 14, 2022
Apache Geronimo Application Server multiple directory traversal vulnerabilities High
CVE-2008-5518 was published for org.apache.geronimo.plugins:console (Maven) May 14, 2022
MarkLee131
Asset Pipeline plugin for Grails vulnerable to Path Traversal High
CVE-2018-17605 was published for org.grails.plugins:asset-pipeline (Maven) May 14, 2022
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat High
CVE-2017-7675 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607
Asset Pipeline Grails Plugin vulnerable to Path Traversal High
CVE-2018-1000817 was published for org.grails.plugins:asset-pipeline (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins High
CVE-2018-1000863 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Path Traversal in io.hawt:project High
CVE-2017-2594 was published for io.hawt:project (Maven) May 13, 2022
Play Framework's Assets controller vulnerable to directory traversal High
CVE-2018-13864 was published for com.typesafe.play:play_2.12 (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow High
CVE-2018-1048 was published for org.jboss.eap:wildfly-undertow (Maven) May 13, 2022
Path Traversal in Jenkins High
CVE-2018-1000194 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Arbitrary filesystem write access from velocity. High
CVE-2022-24897 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 28, 2022
kurt-r2c
Path traversal in the OWASP Enterprise Security API High
CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022
JarLob
Path Traversal in Caucho Resin High
CVE-2021-44138 was published for com.caucho:resin (Maven) Apr 5, 2022
ProTip! Advisories are also available from the GraphQL API