
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

279 advisories

Arbitrary file read vulnerability in Jenkins Log Command Plugin High
CVE-2024-23904 was published for org.jenkins-ci.plugins:log-command (Maven) Jan 24, 2024
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter Moderate
CVE-2008-1301 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter Moderate
CVE-2006-3934 was published for org.opencms:opencms-core (Maven) May 1, 2022
Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler High
CVE-2025-3594 was published for com.liferay:com.liferay.server.admin.web (Maven) Jun 16, 2025
Solon Vulnerable to Directory Traversal Moderate
CVE-2025-46096 was published for org.noear:solon-faas-luffy (Maven) Jun 13, 2025
OpenRefine vulnerable to zip slip in project import Moderate
CVE-2023-37476 was published for org.openrefine:main (Maven) Jul 18, 2023
stefan-schiller-sonarsource
Arbitrary file read vulnerability in Git server Plugin can lead to RCE High
CVE-2024-23899 was published for org.jenkins-ci.plugins:git-server (Maven) Jan 24, 2024
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
joshbressers
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage Moderate
CVE-2025-32950 was published for io.jmix.localfs:jmix-localfs (Maven) Apr 22, 2025
shadowsock5 AnonySE26
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-34662 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Nov 1, 2022
Apache Ivy does not verify target path when extracting the archive Critical
CVE-2022-37865 was published for org.apache.ivy:ivy (Maven) Nov 7, 2022
WSO2 Carbon directory traversal vulnerability Moderate
CVE-2016-4314 was published for org.wso2.carbon.commons:org.wso2.carbon.logging.view.ui (Maven) May 14, 2022
Apache OpenMeetings Directory Traversal vulnerability Moderate
CVE-2016-0784 was published for org.apache.openmeetings:openmeetings-install (Maven) May 14, 2022
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Jenkins Image Gallery Plugin allows Path Traversal Moderate
CVE-2016-4987 was published for com.tupilabs.image_gallery:image-gallery (Maven) May 13, 2022
Jenkins TAP Plugin allows Path Traversal High
CVE-2016-4986 was published for org.tap4j:tap (Maven) May 13, 2022
Jenkins has Local File Inclusion Vulnerability Moderate
CVE-2015-5322 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Apache Sling Servlets Resolver executes malicious code via path traversal High
CVE-2024-23673 was published for org.apache.sling:org.apache.sling.servlets.resolver (Maven) Feb 6, 2024
Path Traversal in Apache Shiro Critical
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) Jul 24, 2023
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
Deep Java Library path traversal issue Critical
CVE-2025-0851 was published for ai.djl:api (Maven) Jan 29, 2025
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification Critical
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webflux (Maven) Sep 13, 2024
Malayke AlexeyTsvetkov
andreeaButerchi aantonel-sysdig
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ