Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

727 advisories

Loading
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template Critical
CVE-2023-35159 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template Critical
CVE-2023-35156 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 22, 2023
Broadleaf vulnerable to Cross-site Scripting Moderate
CVE-2023-33725 was published for org.broadleafcommerce:broadleaf (Maven) Jun 21, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template Critical
CVE-2023-35162 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 20, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email High
CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template Critical
CVE-2023-34464 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jun 20, 2023
Alluxio Cross Site Scripting vulnerability Moderate
CVE-2020-21485 was published for org.alluxio:alluxio-parent (Maven) Jun 20, 2023
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35146 was published for org.jenkins.plugin.templateWorkflows:template-workflows (Maven) Jun 14, 2023
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35145 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) Jun 14, 2023
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin Moderate
CVE-2023-35143 was published for jenkins:repository (Maven) Jun 14, 2023
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin Moderate
CVE-2023-35144 was published for jenkins:repository (Maven) Jun 14, 2023
JStachio XSS vulnerability: Unescaped single quotes Moderate
CVE-2023-33962 was published for io.jstach:jstachio (Maven) Jun 6, 2023
casid
Apache JSPWiki vulnerable to cross-site scripting on several plugins Moderate
CVE-2022-46907 was published for org.apache.jspwiki:jspwiki-main (Maven) May 25, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33944 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33937 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33938 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33939 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33940 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33941 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33942 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33943 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
alkacon-OpenCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2023-31544 was published for org.opencms:opencms-core (Maven) May 16, 2023
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) May 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database