VYPR

Maven package

io.qameta.allure/allure-generator

pkg:maven/io.qameta.allure/allure-generator

Vulnerabilities (1)

  • CVE-2026-33166HigMar 20, 2026
    affected < 2.38.0fixed 2.38.0

    Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-