GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
XSS Cross Site Scripting
Critical
CVE-2021-29459
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 22, 2021
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
Cross-site Scripting in com.erudika:para-core
Critical
CVE-2022-1782
was published
for
com.erudika:para-core
(Maven)
May 19, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
Java Melody vulnerable to cross-site scripting
Critical
CVE-2016-1000273
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Jul 20, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical
CVE-2022-36098
was published
for
org.xwiki.platform:xwiki-platform-mentions-ui
(Maven)
Sep 16, 2022
org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
Critical
CVE-2023-29201
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Critical
CVE-2023-29202
was published
for
org.xwiki.platform:xwiki-core-rendering-macro-rss
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Critical
CVE-2023-29205
was published
for
org.xwiki.platform:xwiki-platform-rendering-xwiki
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins
Critical
CVE-2023-29206
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Apr 12, 2023
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-29528
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 20, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-31126
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
May 9, 2023
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Critical
CVE-2023-32070
was published
for
org.xwiki.platform:xwiki-core-rendering-api
(Maven)
May 11, 2023
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Critical
CVE-2023-34464
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template
Critical
CVE-2023-35162
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
Critical
CVE-2023-35156
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
Critical
CVE-2023-35159
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Critical
CVE-2023-35160
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Critical
CVE-2023-35161
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 22, 2023
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Critical
CVE-2022-4361
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
Critical
CVE-2023-36477
was published
for
org.xwiki.contrib:application-ckeditor-ui
(Maven)
Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical
CVE-2023-36471
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Jun 30, 2023
ProTip!
Advisories are also available from the
GraphQL API