GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
727 advisories
Cross-site Scripting in JFinalCMS
Moderate | CVE-2023-49486 was published for com.jfinal:jfinal (Maven) | Dec 8, 2023

Cross-site Scripting in JFinalCMS
Moderate | CVE-2023-49485 was published for com.jfinal:jfinal (Maven) | Dec 8, 2023

Cross-site Scripting in JFinalCMS
Moderate | CVE-2023-49487 was published for com.jfinal:jfinal (Maven) | Dec 8, 2023

Improper Neutralization of Input in Advanced User Interface for Jolt
High | CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) | Nov 28, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40813 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40815 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40814 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40816 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40817 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40809 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40810 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Cross-site Scripting in OpenCRX
Moderate | CVE-2023-40812 was published for org.opencrx:opencrx-core-models (Maven) | Nov 18, 2023

Liferay Portal XSS with `p_l_back_url_title` on edit content page
Critical | CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) | Nov 17, 2023

OpenNMS Cross-site Scripting vulnerability
Moderate | CVE-2023-40314 was published for org.opennms:opennms-webapp (Maven) | Nov 17, 2023

xxl-job-admin vulnerable to Cross Site Scripting
Moderate | CVE-2023-48088 was published for com.xuxueli:xxl-job-admin (Maven) | Nov 15, 2023

XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Critical | CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) | Nov 8, 2023

XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Critical | CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) | Oct 25, 2023

XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Critical | CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) | Oct 25, 2023

XWiki Platform XSS vulnerability from account in the create page form via template provider
Critical | CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) | Oct 25, 2023

org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Critical | CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) | Oct 25, 2023

Stored XSS vulnerability in Jenkins GitHub Plugin
High | CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) | Oct 25, 2023

Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
High | CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) | Oct 25, 2023

Yamcs Cross-site Scripting vulnerability
Moderate | CVE-2023-45280 was published for org.yamcs:yamcs (Maven) | Oct 20, 2023

Yamcs Cross-site Scripting vulnerability
Moderate | CVE-2023-45279 was published for org.yamcs:yamcs (Maven) | Oct 20, 2023

XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Critical | CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) | Oct 17, 2023

ProTip! Advisories are also available from the GraphQL API