Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

6,264 advisories

Loading
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf Moderate
CVE-2019-0191 was published for org.apache.karaf:apache-karaf (Maven) Mar 25, 2019
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI High
CVE-2016-9177 was published for com.sparkjava:spark-core (Maven) Oct 4, 2018
Moderate severity vulnerability that affects org.apache.tika:tika-core Moderate
CVE-2018-11762 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal High
CVE-2018-17297 was published for cn.hutool:hutool-all (Maven) Oct 17, 2018
Directory Traversal in serve High
CVE-2019-5417 was published for serve (npm) Mar 25, 2019
Directory Traversal in send Low
CVE-2014-6394 was published for send (npm) Oct 24, 2017
Directory traversal in Apache RocketMQ Moderate
CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 1, 2020
Path Traversal in socket.io-file High
CVE-2020-15779 was published for socket.io-file (npm) Jul 7, 2020
Path Traversal in cordova-plugin-ionic-webview High
CVE-2018-16202 was published for cordova-plugin-ionic-webview (npm) Feb 12, 2019
Directory Traversal vulnerability in Square Retrofit High
CVE-2018-1000850 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Hidden Directories Always Served in inert Moderate
CVE-2014-10068 was published for inert (npm) Aug 31, 2020
Directory Traversal in fancy-server High
CVE-2014-10066 was published for fancy-server (npm) Aug 31, 2020
Directory Traversal in nodeload-nmickuli High
GHSA-wmcq-3wfx-qjx5 was published for nodeload-nmickuli (npm) Sep 1, 2020
Directory Traversal in featurebook Moderate
GHSA-7x92-2j68-h32c was published for featurebook (npm) Sep 1, 2020
Path Traversal in bruteser High
GHSA-v7cp-5326-54fh was published for bruteser (npm) Sep 3, 2020
Directory Traversal in restafary Moderate
CVE-2016-10528 was published for restafary (npm) Feb 18, 2019
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
Path Traversal in minsoft:ms-mcms High
CVE-2018-18831 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
Path Traversal in @wturyn/swagger-injector Critical
GHSA-4x7w-frcq-v4m3 was published for @wturyn/swagger-injector (npm) Sep 3, 2020
Path Traversal in swagger-injector Critical
GHSA-v4x8-gw49-7hv4 was published for swagger-injector (npm) Sep 3, 2020
Directory Traversal in wenluhong1 High
GHSA-224h-p7p5-rh85 was published for wenluhong1 (npm) Sep 1, 2020
Directory Traversal in yjmyjmyjm High
GHSA-g376-whg7-896m was published for yjmyjmyjm (npm) Sep 1, 2020
Directory Traversal in @vivaxy/here High
GHSA-m4vv-p6fq-jhqp was published for @vivaxy/here (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database