GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,209 advisories

sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs High
CVE-2022-35920 was published for sanic (pip) Aug 6, 2022
Jenkins Deployer Framework Plugin vulnerable to Path Traversal Moderate
CVE-2022-36890 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
snyk-broker Path Traversal before v4.73.0 Moderate
CVE-2020-7649 was published for snyk-broker (npm) Jul 26, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files High
CVE-2022-31163 was published for tzinfo (RubyGems) Jul 21, 2022
kratob
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 High
CVE-2022-31159 was published for com.amazonaws:aws-java-sdk-s3 (Maven) Jul 15, 2022
JLLeitschuh
Ganga allows absolute path traversal Critical
CVE-2022-31507 was published for ganga (pip) Jul 13, 2022
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process. High
CVE-2022-35410 was published for mat2 (pip) Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function Critical
CVE-2022-31573 was published for chainerrl-visualizer (pip) Jul 12, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely Critical
CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely Critical
CVE-2022-31506 was published for opendiamond (pip) Jul 12, 2022
Path Traversal in Beego Critical
CVE-2022-31836 was published for github.com/beego/beego (Go) Jul 6, 2022
Path traversal mitigation bypass in OctoRPKI High
GHSA-3jhm-87m6-x959 was published for github.com/cloudflare/cfrpki (Go) Jun 25, 2022
wuhan005 iifiigii
Path traversal in Concrete CMS Critical
CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin Moderate
CVE-2022-34179 was published for org.jenkins-ci.plugins:embeddable-build-status (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34171 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34172 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin High
CVE-2022-34177 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34173 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Insecure path traversal in Git Trigger Source can lead to arbitrary file read High
CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
tower-http's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-wwh2-r387-g5rm was published for tower-http (Rust) Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk Moderate
GHSA-cgw6-f3mj-h742 was published for rust-embed (Rust) Jun 17, 2022
User account escalation in Apache Hadoop High
CVE-2021-33036 was published for org.apache.hadoop:hadoop-yarn-server-common (Maven) Jun 16, 2022