GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
path traversal in Jooby
Moderate
CVE-2020-7647
was published
for
io.jooby:jooby
(Maven)
May 13, 2020
Moderate severity vulnerability that affects com.sparkjava:spark-core
Moderate
CVE-2018-9159
was published
for
com.sparkjava:spark-core
(Maven)
Oct 19, 2018
High severity vulnerability that affects org.dspace:dspace-xmlui
High
CVE-2016-10726
was published
for
org.dspace:dspace-xmlui
(Maven)
Oct 19, 2018
In blynk-server a Directory Traversal exists
High
CVE-2018-17785
was published
for
com.github.blynkkk:blynk-server
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
Moderate
CVE-2019-0191
was published
for
org.apache.karaf:apache-karaf
(Maven)
Mar 25, 2019
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI
High
CVE-2016-9177
was published
for
com.sparkjava:spark-core
(Maven)
Oct 4, 2018
Moderate severity vulnerability that affects org.apache.tika:tika-core
Moderate
CVE-2018-11762
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
High
CVE-2018-17297
was published
for
cn.hutool:hutool-all
(Maven)
Oct 17, 2018
Directory traversal in Apache RocketMQ
Moderate
CVE-2019-17572
was published
for
org.apache.rocketmq:rocketmq-broker
(Maven)
Jul 1, 2020
Directory Traversal vulnerability in Square Retrofit
High
CVE-2018-1000850
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
Path Traversal in minsoft:ms-mcms
High
CVE-2018-18831
was published
for
net.mingsoft:ms-mcms
(Maven)
Nov 1, 2018
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
High
CVE-2019-0225
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Apr 8, 2019
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core
High
CVE-2017-3163
was published
for
org.apache.solr:solr-core
(Maven)
Oct 18, 2018
Gravitee API Management contains Path Traversal
High
CVE-2022-38723
was published
for
io.gravitee.apim:gravitee-api-management
(Maven)
Jan 4, 2023
org.neo4j.procedure:apoc Path Traversal Vulnerability
High
CVE-2022-23532
was published
for
org.neo4j.procedure:apoc
(Maven)
Jan 13, 2023
Keycloak vulnerable to path traversal via double URL encoding
Critical
CVE-2022-3782
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
Path traversal in Jenkins Phoenix AutoTest Plugin
Moderate
CVE-2022-28156
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
Path traversal in Hadoop
Critical
CVE-2022-26612
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Apr 8, 2022
Path Traversal in Caucho Resin
High
CVE-2021-44138
was published
for
com.caucho:resin
(Maven)
Apr 5, 2022
Path Traversal in Jenkins
High
CVE-2018-1000194
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
Moderate
CVE-2018-1002201
was published
for
org.zeroturnaround:zt-zip
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Moderate
CVE-2016-5725
was published
for
com.jcraft:jsch
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
High
CVE-2018-1048
was published
for
org.jboss.eap:wildfly-undertow
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Moderate
CVE-2015-5531
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
Moderate
CVE-2018-1002200
was published
for
org.codehaus.plexus:plexus-archiver
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API