GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Reposilite Arbitrary File Read vulnerability
High
CVE-2024-36117
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 5, 2024
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
High
CVE-2024-36116
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
High
CVE-2024-24749
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
Keycloak path traversal vulnerability in redirection validation
High
CVE-2024-1132
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
GeoServer log file path traversal vulnerability
High
CVE-2023-41877
was published
for
org.geoserver:gs-main
(Maven)
Mar 20, 2024
Path traversal in flaskcode Devan-Kerman ARRP
High
CVE-2024-24042
was published
for
net.devtech:arrp
(Maven)
Mar 19, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
High
CVE-2024-27317
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal
High
CVE-2024-23673
was published
for
org.apache.sling:org.apache.sling.servlets.resolver
(Maven)
Feb 6, 2024
Directory Traversal in JFinalCMS
High
CVE-2023-50449
was published
for
com.jfinal:jfinal
(Maven)
Dec 10, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
ureport arbitrary file read vulnerability
High
CVE-2023-48848
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Nov 28, 2023
Zip slip in mleap
High
CVE-2023-5245
was published
for
ml.combust.mleap:mleap-runtime_2.12
(Maven)
Nov 15, 2023
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
High
CVE-2023-34062
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Nov 15, 2023
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
High
CVE-2023-46654
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
Yamcs Path Traversal vulnerability
High
CVE-2023-45277
was published
for
org.yamcs:yamcs
(Maven)
Oct 19, 2023
plexus-codehaus vulnerable to directory traversal
High
CVE-2022-4244
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
Sep 25, 2023
Jeecg boot arbitrary file read vulnerability
High
CVE-2023-41578
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Sep 8, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
High
CVE-2023-40828
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter
High
CVE-2023-40826
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter
High
CVE-2023-40827
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
Arbitrary File Creation in AbstractUnArchiver
High
CVE-2023-37460
was published
for
org.codehaus.plexus:plexus-archiver
(Maven)
Jul 25, 2023
Administration Console authentication bypass in openfire xmppserver
High
CVE-2023-32315
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
May 23, 2023
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
High
CVE-2023-28465
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Mar 10, 2023
ProTip!
Advisories are also available from the
GraphQL API