GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

265 advisories

SCIFIO vulnerable to Path Traversal Critical
CVE-2022-4493 was published for io.scif:scifio (Maven) Dec 14, 2022
Apache Atlas: zip path traversal in import functionality High
CVE-2022-34271 was published for org.apache.atlas:apache-atlas (Maven) Dec 14, 2022
Keycloak vulnerable to path traversal via double URL encoding Critical
CVE-2022-3782 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
FusionAuth vulnerable to directory traversal attack High
CVE-2022-45921 was published for io.fusionauth:fusionauth-java-client (Maven) Nov 28, 2022
TestNG is vulnerable to Path Traversal High
CVE-2022-4065 was published for org.testng:testng (Maven) Nov 19, 2022
cosmotron ljacomet
mayerrobert
Jenkins Config Rotator Plugin vulnerable to path traversal High
CVE-2022-45388 was published for org.jenkins-ci.main:config-rotator (Maven) Nov 16, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin High
CVE-2022-45381 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) Nov 16, 2022
NotMyFault
Path Traversal in Liferay Portal High
CVE-2022-42123 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Path Traversal in Liferay Portal High
CVE-2022-42125 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Apache Ivy vulnerable to path traversal High
CVE-2022-37866 was published for org.apache.ivy:ivy (Maven) Nov 7, 2022
Apache Ivy does not verify target path when extracting the archive Critical
CVE-2022-37865 was published for org.apache.ivy:ivy (Maven) Nov 7, 2022
Apache UIMA Path Traversal vulnerability High
CVE-2022-32287 was published for org.apache.uima:uimaj-core (Maven) Nov 3, 2022
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-34662 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Nov 1, 2022
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-26884 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Oct 28, 2022
Path traversal in Jenkins build-publisher Plugin Moderate
CVE-2022-41231 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations High
CVE-2022-26049 was published for com.diffplug.gradle:goomph (Maven) Sep 12, 2022
Keycloak has Files or Directories Accessible to External Parties Moderate
CVE-2021-3856 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
Path Traversal in Gravitee API Management Moderate
CVE-2019-25075 was published for io.gravitee.apim:gravitee-api-management (Maven) Aug 24, 2022
Path Traversal in Payara High
CVE-2022-37422 was published for fish.payara.api:payara-bom (Maven) Aug 19, 2022
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource` Moderate
CVE-2022-36007 was published for com.github.jlangch:venice (Maven) Aug 18, 2022
JLLeitschuh
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability Moderate
CVE-2022-37423 was published for org.neo4j.procedure:apoc (Maven) Aug 12, 2022
JLLeitschuh
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import High
CVE-2022-31195 was published for org.dspace:dspace-api (Maven) Aug 6, 2022
JSPUI vulnerable to path traversal in submission (resumable) upload High
CVE-2022-31194 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault