GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
117 advisories
Filter by severity
ZipSlip in org.apache.storm:storm-core
Moderate
CVE-2018-8008
was published
for
org.apache.storm:storm-core
(Maven)
Oct 16, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.tika:tika-core
Moderate
CVE-2018-11762
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Path Traversal in org.springframework:spring-core
Moderate
CVE-2018-1271
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path traversal in org.springframework.integration:spring-integration-zip
Moderate
CVE-2018-1261
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
Oct 18, 2018
Improper Input Validation in org.wildfly:wildfly-undertow
Moderate
CVE-2018-1047
was published
for
org.wildfly:wildfly-undertow
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects com.sparkjava:spark-core
Moderate
CVE-2018-9159
was published
for
com.sparkjava:spark-core
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
Moderate
CVE-2019-0191
was published
for
org.apache.karaf:apache-karaf
(Maven)
Mar 25, 2019
Path Traversal in Spring Cloud Config
Moderate
CVE-2019-3799
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 23, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Moderate
CVE-2019-13237
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
path traversal in Jooby
Moderate
CVE-2020-7647
was published
for
io.jooby:jooby
(Maven)
May 13, 2020
Directory traversal attack in Spring Cloud Config
Moderate
CVE-2020-5405
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
Jun 5, 2020
Directory traversal in Apache RocketMQ
Moderate
CVE-2019-17572
was published
for
org.apache.rocketmq:rocketmq-broker
(Maven)
Jul 1, 2020
MPXJ path Traversal vulnerability
Moderate
CVE-2020-35460
was published
for
net.sf.mpxj:mpxj
(Maven)
Dec 18, 2020
Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate
CVE-2020-36321
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Path Traversal and Improper Input Validation in Apache Commons IO
Moderate
CVE-2021-29425
was published
for
com.cosium.vet:vet
(Maven)
Apr 26, 2021
StaticFile.fromUrl can leak presence of a directory
Moderate
CVE-2021-32643
was published
for
org.http4s:http4s-core
(Maven)
May 28, 2021
Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23113
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Path traversal in Apache Karaf
Moderate
CVE-2022-22932
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 28, 2022
Path Traversal in Apache James Server
Moderate
CVE-2022-22931
was published
for
org.apache.james:james-server
(Maven)
Feb 8, 2022
Path traversal in xwiki-platform-skin-skinx
Moderate
CVE-2022-23620
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Feb 9, 2022
Path traversal vulnerability in Jenkins Fortify Plugin
Moderate
CVE-2022-25188
was published
for
org.jenkins-ci.plugins:fortify
(Maven)
Feb 16, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25178
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Path Traversal in LemMinX
Moderate
CVE-2022-0673
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin
Moderate
CVE-2022-27208
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API