GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
CometVisu Backend for openHAB affected by RCE through path traversal
Critical
CVE-2024-42469
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
DeepJavaLibrary API absolute path traversal
Critical
CVE-2024-37902
was published
for
ai.djl:api
(Maven)
Jun 17, 2024
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Critical
CVE-2023-37913
was published
for
org.xwiki.platform:xwiki-platform-office-importer
(Maven)
Oct 25, 2023
Yamcs API Directory Traversal vulnerability
Critical
CVE-2023-45278
was published
for
org.yamcs:yamcs
(Maven)
Oct 19, 2023
Path Traversal in Apache Shiro
Critical
CVE-2023-34478
was published
for
org.apache.shiro:shiro-web
(Maven)
Jul 24, 2023
Apache StreamPark Path Traversal vulnerability
Critical
CVE-2022-45802
was published
for
org.apache.streampark:streampark-common_2.11
(Maven)
Jul 6, 2023
Apache Linkis Zip Slip issue
Critical
CVE-2023-27603
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Arbitrary file deletion in ureport
Critical
CVE-2023-24188
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Feb 13, 2023
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Critical
CVE-2023-24057
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Jan 23, 2023
SCIFIO vulnerable to Path Traversal
Critical
CVE-2022-4493
was published
for
io.scif:scifio
(Maven)
Dec 14, 2022
Keycloak vulnerable to path traversal via double URL encoding
Critical
CVE-2022-3782
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
Apache Ivy does not verify target path when extracting the archive
Critical
CVE-2022-37865
was published
for
org.apache.ivy:ivy
(Maven)
Nov 7, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21690
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21692
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Path Traversal in Apache Struts
Critical
CVE-2016-6795
was published
for
org.apache.struts:struts2-convention-plugin
(Maven)
May 14, 2022
Path traversal in Hadoop
Critical
CVE-2022-26612
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Apr 8, 2022
Path Traversal in Eclipse Vert
Critical
CVE-2019-17640
was published
for
io.vertx:vertx-web
(Maven)
Feb 10, 2022
Path Traversal in Crafter CMS Crafter Studio
Critical
CVE-2017-15681
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Neo4j Graph Database vulnerable to Path Traversal
Critical
CVE-2021-42767
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 1, 2022
ProTip!
Advisories are also available from the
GraphQL API