GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
RDF4J vulnerable to zip slip
High
CVE-2018-20227
was published
for
org.eclipse.rdf4j:rdf4j
(Maven)
May 14, 2022
Jenkins Remoting library arbitrary file read vulnerability
Critical
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
CometVisu Backend for openHAB has a path traversal vulnerability
Moderate
CVE-2024-42468
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
CometVisu Backend for openHAB affected by RCE through path traversal
Critical
CVE-2024-42469
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Reposilite Arbitrary File Read vulnerability
High
CVE-2024-36117
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 5, 2024
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
High
CVE-2024-36116
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
Keycloak path traversal vulnerability in redirection validation
High
CVE-2024-1132
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
High
CVE-2024-24749
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
DeepJavaLibrary API absolute path traversal
Critical
CVE-2024-37902
was published
for
ai.djl:api
(Maven)
Jun 17, 2024
Jenkins Report Info Plugin Path Traversal vulnerability
Moderate
CVE-2024-5273
was published
for
org.jenkins-ci.plugins:report-info
(Maven)
May 24, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
plexus-codehaus vulnerable to directory traversal
High
CVE-2022-4244
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
Sep 25, 2023
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
High
CVE-2024-27317
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
High
CVE-2023-34062
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Nov 15, 2023
JADX file override vulnerability
Low
GHSA-hvp5-5x4f-33fq
was published
for
io.github.skylot:jadx-core
(Maven)
Apr 22, 2024
Path Traversal in Jenkins
Moderate
CVE-2018-1000406
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Path traversal in org.springframework.integration:spring-integration-zip
Moderate
CVE-2018-1261
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
Oct 18, 2018
spring-integration-zip Arbitrary File Write
Moderate
CVE-2018-1263
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
May 13, 2022
Path traversal in flaskcode Devan-Kerman ARRP
High
CVE-2024-24042
was published
for
net.devtech:arrp
(Maven)
Mar 19, 2024
ZipSlip in org.apache.storm:storm-core
Moderate
CVE-2018-8008
was published
for
org.apache.storm:storm-core
(Maven)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API