GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
286 advisories

Path traversal in the OWASP Enterprise Security API
Severity: High
CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022

Liferay Portal ComboServlet denial of service via large file combination
Severity: Moderate
CVE-2025-62254 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 24, 2025

Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Severity: Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024

Administration Console authentication bypass in openfire xmppserver
Severity: High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023

Path Traversal in Apache Flink
Severity: High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021

Directory traversal attack in Spring Cloud Config
Severity: High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020

Mammoth is vulnerable to Directory Traversal
Severity: Moderate
CVE-2025-11849 was published for Mammoth (Maven) Oct 17, 2025

Deep Java Library path traversal issue
Severity: Critical
CVE-2025-0851 was published for ai.djl:api (Maven) Jan 29, 2025

Path traversal in Hadoop
Severity: Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022

Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
Severity: Moderate
CVE-2025-43813 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 30, 2025

Path Traversal in Liferay Portal
Severity: High
CVE-2022-42123 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Severity: Moderate
CVE-2015-5174 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Severity: Moderate
CVE-2015-5345 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

Spring Framework MVC Applications Path Traversal Vulnerability
Severity: Moderate
CVE-2025-41242 was published for org.springframework:spring-webmvc (Maven) Aug 18, 2025

Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server
Severity: Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025

Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
Severity: High
CVE-2022-28981 was published for com.liferay:com.liferay.headless.discovery.web (Maven) Sep 23, 2022

Apache Struts file upload logic is flawed
Severity: Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024

DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format
Severity: Moderate
CVE-2025-53622 was published for org.dspace:dspace-api (Maven) Jul 15, 2025

Arbitrary file read vulnerability in Jenkins Log Command Plugin
Severity: High
CVE-2024-23904 was published for org.jenkins-ci.plugins:log-command (Maven) Jan 24, 2024

Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter
Severity: Moderate
CVE-2008-1301 was published for org.opencms:opencms-core (Maven) May 1, 2022

Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter
Severity: Moderate
CVE-2006-3934 was published for org.opencms:opencms-core (Maven) May 1, 2022

Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler
Severity: High
CVE-2025-3594 was published for com.liferay:com.liferay.server.admin.web (Maven) Jun 16, 2025

Solon Vulnerable to Directory Traversal
Severity: Moderate
CVE-2025-46096 was published for org.noear:solon-faas-luffy (Maven) Jun 13, 2025

OpenRefine vulnerable to zip slip in project import
Severity: Moderate
CVE-2023-37476 was published for org.openrefine:main (Maven) Jul 18, 2023

Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Severity: High
CVE-2024-23899 was published for org.jenkins-ci.plugins:git-server (Maven) Jan 24, 2024

ProTip! Advisories are also available from the GraphQL API