io.qameta.allure:allure-generator
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.qameta.allure:allure-generatorpage 1 of 1
- CVE-2026-33166HIGHCVSS 8.6EG 8.6✓ Fixed in 2.38.02026-03-20
vulnerable: 2.0-BETA8 ... 2.9.0 (68 versions)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An atta…
- CVE-2026-55847MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.39.02026-06-19
vulnerable: 2.0-BETA8 ... 2.9.0 (70 versions)
Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering ## Summary The `ansi.js` Handlebars helper in allure-generator passes user-controlled `statusMessage` and `statusTrace` values from test result files t…
Check whether io.qameta.allure:allure-generator is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.qameta.allure:allure-generator CVEs against the assets you own.
Start Free Scan →