GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
727 advisories
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
High | CVE-2023-28679 was published for javagh.jenkins:mashup-portlets-plugin (Maven) | Apr 2, 2023

Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
High | CVE-2023-28678 was published for org.jenkins-ci.plugins:cppcheck (Maven) | Apr 2, 2023

Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)
Moderate | CVE-2023-28158 was published for org.apache.archiva:archiva (Maven) | Mar 29, 2023

ONOS vulnerable to reflected cross-site scripting
Moderate | CVE-2023-24279 was published for org.onosproject:onos-archetypes (Maven) | Mar 14, 2023

Cross-site Scripting vulnerability in Jenkins
High | CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) | Mar 10, 2023

Cross site scripting vulnerability in update-center2
Moderate | CVE-2023-27905 was published for org.jenkins-ci:update-center2 (Maven) | Mar 10, 2023

XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
High | CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) | Mar 3, 2023

HTML Injection in Keycloak Admin REST API
Moderate | CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) | Mar 1, 2023

Keycloak Cross-site Scripting on OpenID connect login service
High | CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) | Mar 1, 2023

Keycloak vulnerable to Cross-site Scripting
Moderate | CVE-2022-1438 was published for org.keycloak:keycloak-services (Maven) | Mar 1, 2023

Cross-site Scripting in Quarkus
Moderate | CVE-2023-0044 was published for io.quarkus:quarkus-vertx-http (Maven) | Feb 23, 2023

OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Moderate | CVE-2023-0868 was published for org.opennms:opennms-webapp (Maven) | Feb 23, 2023

Cross Site Scripting in OpenNMS
Moderate | CVE-2023-0869 was published for org.opennms:opennms-web-api (Maven) | Feb 23, 2023

OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Moderate | CVE-2023-0867 was published for org.opennms:opennms (Maven) | Feb 23, 2023

OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting
Moderate | CVE-2023-0846 was published for org.opennms:opennms (Maven) | Feb 22, 2023

Cross-site Scripting in Jenkins Pipeline: Build Step Plugin
Moderate | CVE-2023-25762 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) | Feb 15, 2023

Cross-site Scripting in Jenkins Email Extension Plugin
Moderate | CVE-2023-25763 was published for org.jenkins-ci.plugins:email-ext (Maven) | Feb 15, 2023

Cross-site Scripting in Jenkins Email Extension Plugin
Moderate | CVE-2023-25764 was published for org.jenkins-ci.plugins:email-ext (Maven) | Feb 15, 2023

Cross-site Scripting in Jenkins JUnit Plugin
Moderate | CVE-2023-25761 was published for org.jenkins-ci.plugins:junit (Maven) | Feb 15, 2023

Sling App CMS Cross-site Scripting vulnerability
Moderate | CVE-2023-22849 was published for org.apache.sling:org.apache.sling.cms (Maven) | Feb 4, 2023

Apache Sling App CMS vulnerable to reflected Cross-site Scripting
Moderate | CVE-2022-46769 was published for org.apache.sling:org.apache.sling.cms (Maven) | Jan 9, 2023

Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Moderate | CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) | Jan 6, 2023

Gravitee API Management contains Path Traversal
High | CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) | Jan 4, 2023

Mingsoft MCMS Cross-site Scripting vulnerability
Moderate | CVE-2022-4640 was published for net.mingsoft:ms-mcms (Maven) | Dec 22, 2022

Apache Zeppelin Cross-site Scripting vulnerability
Moderate | CVE-2022-46870 was published for org.apache.zeppelin:zeppelin (Maven) | Dec 20, 2022