Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

375 advisories

Loading
Duplicate Advisory: KubeVirt arbitrary host file read from the VM Moderate
CVE-2022-1798 was published for kubevirt.io/kubevirt (Go) Aug 18, 2022 withdrawn
0xdidu michaelkedar
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability Moderate
CVE-2022-37423 was published for org.neo4j.procedure:apoc (Maven) Aug 12, 2022
JLLeitschuh
Streamlit directory traversal vulnerability Moderate
CVE-2022-35918 was published for streamlit (pip) Aug 6, 2022
Jenkins Deployer Framework Plugin vulnerable to Path Traversal Moderate
CVE-2022-36890 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
snyk-broker Path Traversal before v4.73.0 Moderate
CVE-2020-7649 was published for snyk-broker (npm) Jul 26, 2022
Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin Moderate
CVE-2022-34179 was published for org.jenkins-ci.plugins:embeddable-build-status (Maven) Jun 24, 2022
NotMyFault
tower-http's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-wwh2-r387-g5rm was published for tower-http (Rust) Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk Moderate
GHSA-cgw6-f3mj-h742 was published for rust-embed (Rust) Jun 17, 2022
Path Traversal in FileGator Moderate
CVE-2022-1850 was published for filegator/filegator (Composer) May 25, 2022
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files Moderate
CVE-2021-21698 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
NotMyFault
Path traversal vulnerability on Windows in Jenkins Moderate
CVE-2021-21683 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Magento Path Traversal vulnerability Moderate
CVE-2021-28584 was published for magento/community-edition (Composer) May 24, 2022
Grav CMS Local File Injection Moderate
CVE-2020-29556 was published for getgrav/grav (Composer) May 24, 2022
browsershot local file inclusion vulnerability Moderate
CVE-2020-7790 was published for spatie/browsershot (Composer) May 24, 2022
Arbitrary file read vulnerability in Jenkins Persona Plugin Moderate
CVE-2020-2293 was published for org.jenkins-ci.plugins:persona (Maven) May 24, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins Storable Configs Plugin Moderate
CVE-2020-2278 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 24, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Storable Configs Plugin Moderate
CVE-2020-2277 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 24, 2022
NotMyFault
Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin Moderate
CVE-2020-2275 was published for org.jvnet.hudson.plugins:copy-data-to-workspace-plugin (Maven) May 24, 2022
NotMyFault
Path traversal vulnerability in Blue Ocean Plugin Moderate
CVE-2020-2254 was published for io.jenkins.blueocean:blueocean (Maven) May 24, 2022
NotMyFault
Magento path traversal vulnerability Moderate
CVE-2020-9689 was published for magento/community-edition (Composer) May 24, 2022
Arbitrary file write vulnerability in Jenkins Cobertura Plugin Moderate
CVE-2020-2139 was published for org.jenkins-ci.plugins:cobertura (Maven) May 24, 2022
NotMyFault
Magento Path Traversal Moderate
CVE-2020-3717 was published for magento/community-edition (Composer) May 24, 2022
TYPO3 Directory Traversal on ZIP extraction Moderate
CVE-2019-19848 was published for typo3/cms (Composer) May 24, 2022
Ignite Realtime Openfire directory traversal vulnerability Moderate
CVE-2019-18393 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database