Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

727 advisories

Loading
WSO2 carbon-registry vulnerable to Cross-site Scripting Moderate
CVE-2022-4521 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 15, 2022
WSO2 carbon-registry Cross-site Scripting vulnerability Moderate
CVE-2022-4520 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 15, 2022
Cross-site Scripting in Jenkins Spring Config Plugin High
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) Dec 12, 2022
Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting High
CVE-2022-46686 was published for io.jenkins.plugins:custom-build-properties (Maven) Dec 12, 2022
Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
Mingsoft MCMS vulnerable to Cross-site Scripting Moderate
CVE-2022-4350 was published for net.mingsoft:ms-mcms (Maven) Dec 8, 2022
RuoYi-Cloud Cross-site Scripting vulnerability Moderate
CVE-2022-4348 was published for com.ruoyi:ruoyi-common (Maven) Dec 8, 2022
Cross-site Scripting in Apache Hama High
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) Nov 21, 2022
Jenkins BART Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45387 was published for org.jenkins-ci.plugins:bart (Maven) Nov 16, 2022
NotMyFault
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) Nov 16, 2022
NotMyFault
Cross-site Scripting in Jenkins Naginator Plugin Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) Nov 16, 2022
NotMyFault
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) Nov 16, 2022
NotMyFault
Reflected Cross site scripting (XSS) in kairosdb Moderate
CVE-2019-19040 was published for org.kairosdb:kairosdb (Maven) Nov 3, 2022
Apache Sling App CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-43670 was published for org.apache.sling:org.apache.sling.cms (Maven) Nov 2, 2022
Apache Geode vulnerable to Cross-Site Scripting Moderate
CVE-2022-34870 was published for org.apache.geode:geode-core (Maven) Oct 25, 2022
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin High
CVE-2022-43409 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-43425 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin High
CVE-2022-43420 was published for org.jenkins-ci.plugins:contrast-continuous-application-security (Maven) Oct 19, 2022
NotMyFault
Apache Isis Cross-site Scripting vulnerability Moderate
CVE-2022-42466 was published for org.apache.isis.core:isis-core (Maven) Oct 19, 2022
Lithium vulnerable to Cross Site Scripting in provided Swagger-UI High
GHSA-f36p-42jv-8rh2 was published for com.wire.bots:lithium (Maven) Sep 30, 2022
comawill
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles Moderate
CVE-2022-2256 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component High
CVE-2022-41224 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 22, 2022
NotMyFault
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting High
CVE-2022-41225 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) Sep 22, 2022
NotMyFault
Stored XSS vulnerability in Jenkins DotCi Plugin High
CVE-2022-41239 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting High
CVE-2022-41229 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database