Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Reposilite Arbitrary File Read vulnerability High
CVE-2024-36117 was published for com.reposilite:reposilite-backend (Maven) Aug 5, 2024
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`) High
CVE-2024-36116 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat High
CVE-2024-24749 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
Kai5174 sikeoka
jodygarnett
OpenAPI Generator Online - Arbitrary File Read/Delete High
CVE-2024-35219 was published for org.openapitools:openapi-generator-online (Maven) May 28, 2024
stefan-schiller-sonarsource
Keycloak path traversal vulnerability in redirection validation High
CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
GeoServer log file path traversal vulnerability High
CVE-2023-41877 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
Anthares101 sumiitgurjar
Path traversal in flaskcode Devan-Kerman ARRP High
CVE-2024-24042 was published for net.devtech:arrp (Maven) Mar 19, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification High
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Apache Sling Servlets Resolver executes malicious code via path traversal High
CVE-2024-23673 was published for org.apache.sling:org.apache.sling.servlets.resolver (Maven) Feb 6, 2024
Directory Traversal in JFinalCMS High
CVE-2023-50449 was published for com.jfinal:jfinal (Maven) Dec 10, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven) Dec 1, 2023
ureport arbitrary file read vulnerability High
CVE-2023-48848 was published for com.bstek.ureport:ureport2-core (Maven) Nov 28, 2023
Zip slip in mleap High
CVE-2023-5245 was published for ml.combust.mleap:mleap-runtime_2.12 (Maven) Nov 15, 2023
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack High
CVE-2023-34062 was published for io.projectreactor.netty:reactor-netty-http (Maven) Nov 15, 2023
mpihelgas
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion High
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Yamcs Path Traversal vulnerability High
CVE-2023-45277 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
plexus-codehaus vulnerable to directory traversal High
CVE-2022-4244 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
Arbitrary File Creation in AbstractUnArchiver High
CVE-2023-37460 was published for org.codehaus.plexus:plexus-archiver (Maven) Jul 25, 2023
uriyay-jfrog
Administration Console authentication bypass in openfire xmppserver High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023
akrherz Fishbowler
guusdk Siebene
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 High
CVE-2023-28465 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 10, 2023
JLLeitschuh
org.neo4j.procedure:apoc Path Traversal Vulnerability High
CVE-2022-23532 was published for org.neo4j.procedure:apoc (Maven) Jan 13, 2023
ProTip! Advisories are also available from the GraphQL API