Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI High
CVE-2016-9177 was published for com.sparkjava:spark-core (Maven) Oct 4, 2018
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized High
CVE-2016-9878 was published for org.springframework:spring-webmvc (Maven) Oct 4, 2018
sunSUNQ
In blynk-server a Directory Traversal exists High
CVE-2018-17785 was published for com.github.blynkkk:blynk-server (Maven) Oct 17, 2018
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal High
CVE-2018-17297 was published for cn.hutool:hutool-all (Maven) Oct 17, 2018
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core High
CVE-2017-3163 was published for org.apache.solr:solr-core (Maven) Oct 18, 2018
High severity vulnerability that affects org.dspace:dspace-xmlui High
CVE-2016-10726 was published for org.dspace:dspace-xmlui (Maven) Oct 19, 2018
Path Traversal in minsoft:ms-mcms High
CVE-2018-18831 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
XXL-CONF Path Traversal vulnerability High
CVE-2018-20094 was published for com.xuxueli:xxl-conf-admin (Maven) Dec 19, 2018
Directory Traversal vulnerability in Square Retrofit High
CVE-2018-1000850 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Path Traversal in Hadoop High
CVE-2018-8009 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
MarkLee131
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war High
CVE-2019-0225 was published for org.apache.jspwiki:jspwiki-war (Maven) Apr 8, 2019
Path Traversal in Apache Camel High
CVE-2019-0194 was published for org.apache.camel:camel-core (Maven) May 2, 2019
Path Traversal in DKPro Core High
CVE-2019-11082 was published for de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl (Maven) May 29, 2019
Path traversal attack on Windows platforms High
CVE-2019-0207 was published for org.apache.tapestry:tapestry-core (Maven) Nov 18, 2019
Directory traversal attack in Spring Cloud Config High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
Directory Traversal in spring-boot-actuator-logview High
CVE-2021-21234 was published for eu.hinsch:spring-boot-actuator-logview (Maven) Jan 5, 2021
st0rmi
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
Path Traversal in the Java Kubernetes Client High
CVE-2020-8570 was published for io.kubernetes:client-java (Maven) Jan 29, 2021
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core High
CVE-2021-32769 was published for io.micronaut:micronaut-http-server-netty (Maven) Jul 26, 2021
strmik
Directory traversal in Eclipse Mojarra High
CVE-2020-6950 was published for org.glassfish:mojarra-parent (Maven) Sep 1, 2021
Path Traversal in com.linecorp.armeria:armeria High
CVE-2021-43795 was published for com.linecorp.armeria:armeria (Maven) Dec 2, 2021
Path Traversal in Jenkins Warnings Next Generation Plugin High
CVE-2022-23107 was published for io.jenkins.plugins:warnings-ng (Maven) Jan 21, 2022
westonsteimel
Path Traversal High
CVE-2020-14366 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Upload of file to arbitrary path in Apache Flink High
CVE-2020-17518 was published for org.apache.flink:flink-runtime (Maven) Feb 9, 2022
Path Traversal in Crafter CMS Crafter Studio High
CVE-2017-15684 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API