Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

253 advisories

Loading
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI High
CVE-2016-9177 was published for com.sparkjava:spark-core (Maven) Oct 4, 2018
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized High
CVE-2016-9878 was published for org.springframework:spring-webmvc (Maven) Oct 4, 2018
sunSUNQ
ZipSlip in org.apache.storm:storm-core Moderate
CVE-2018-8008 was published for org.apache.storm:storm-core (Maven) Oct 16, 2018
MarkLee131
Apache Camel's Mail is vulnerable to path traversal Moderate
CVE-2018-8041 was published for org.apache.camel:camel-mail (Maven) Oct 16, 2018
MarkLee131 sunSUNQ
Moderate severity vulnerability that affects org.apache.tika:tika-core Moderate
CVE-2018-11762 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location Critical
CVE-2018-12542 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
tdunlap607
In blynk-server a Directory Traversal exists High
CVE-2018-17785 was published for com.github.blynkkk:blynk-server (Maven) Oct 17, 2018
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal High
CVE-2018-17297 was published for cn.hutool:hutool-all (Maven) Oct 17, 2018
Path Traversal in org.springframework:spring-core Moderate
CVE-2018-1271 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core High
CVE-2017-3163 was published for org.apache.solr:solr-core (Maven) Oct 18, 2018
Path traversal in org.springframework.integration:spring-integration-zip Moderate
CVE-2018-1261 was published for org.springframework.integration:spring-integration-zip (Maven) Oct 18, 2018
MarkLee131
High severity vulnerability that affects org.dspace:dspace-xmlui High
CVE-2016-10726 was published for org.dspace:dspace-xmlui (Maven) Oct 19, 2018
Improper Input Validation in org.wildfly:wildfly-undertow Moderate
CVE-2018-1047 was published for org.wildfly:wildfly-undertow (Maven) Oct 19, 2018
Moderate severity vulnerability that affects com.sparkjava:spark-core Moderate
CVE-2018-9159 was published for com.sparkjava:spark-core (Maven) Oct 19, 2018
Path Traversal in minsoft:ms-mcms High
CVE-2018-18831 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
XXL-CONF Path Traversal vulnerability High
CVE-2018-20094 was published for com.xuxueli:xxl-conf-admin (Maven) Dec 19, 2018
Directory Traversal vulnerability in Square Retrofit High
CVE-2018-1000850 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Path Traversal in Hadoop High
CVE-2018-8009 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
MarkLee131
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf Moderate
CVE-2019-0191 was published for org.apache.karaf:apache-karaf (Maven) Mar 25, 2019
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war High
CVE-2019-0225 was published for org.apache.jspwiki:jspwiki-war (Maven) Apr 8, 2019
Path Traversal in Apache Camel High
CVE-2019-0194 was published for org.apache.camel:camel-core (Maven) May 2, 2019
Path Traversal in Spring Cloud Config Moderate
CVE-2019-3799 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 23, 2019
Path Traversal in DKPro Core High
CVE-2019-11082 was published for de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl (Maven) May 29, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Path traversal attack on Windows platforms High
CVE-2019-0207 was published for org.apache.tapestry:tapestry-core (Maven) Nov 18, 2019
ProTip! Advisories are also available from the GraphQL API