Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Loading
Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering Moderate
CVE-2026-55847 was published for io.qameta.allure:allure-generator (Maven) Jun 19, 2026
offset Credited to offset and baev baev baev
Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read Moderate
CVE-2026-55846 was published for io.qameta.allure:allure-commandline (Maven) Jun 19, 2026
offset Credited to offset and baev baev baev
Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers) High
CVE-2026-33166 was published for io.qameta.allure:allure-generator (Maven) Mar 18, 2026
ThanosTsiamis Credited to ThanosTsiamis and baev baev baev
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber Credited to DerekHaber and baev baev baev
ProTip! Advisories are also available from the GraphQL API