Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
Jenkins Stored Cross-site Scripting vulnerability High
CVE-2023-39151 was published for org.jenkins-ci.main:jenkins-core (Maven) Jul 26, 2023
daniel-beck
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email High
CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) Jun 20, 2023
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35145 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) Jun 14, 2023
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35146 was published for org.jenkins.plugin.templateWorkflows:template-workflows (Maven) Jun 14, 2023
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) May 16, 2023
TestComplete support Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 16, 2023
Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability High
CVE-2023-33007 was published for org.jenkins-ci.plugins:loadcomplete (Maven) May 16, 2023
Cross Site Scripting in OpenTSDB High
CVE-2023-25827 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation High
CVE-2022-45064 was published for org.apache.sling:org.apache.sling.engine (Maven) Apr 13, 2023
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro High
CVE-2023-29207 was published for org.xwiki.platform:xwiki-platform-flamingo (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability High
CVE-2023-30520 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) Apr 12, 2023
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting High
CVE-2023-28679 was published for javagh.jenkins:mashup-portlets-plugin (Maven) Apr 2, 2023
Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS) High
CVE-2023-28678 was published for org.jenkins-ci.plugins:cppcheck (Maven) Apr 2, 2023
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-28669 was published for org.jenkins-ci.plugins:jacoco (Maven) Apr 2, 2023
Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting High
CVE-2023-28670 was published for com.paul8620.jenkins.plugins:pipeline-aggregator-view (Maven) Apr 2, 2023
Cross-site Scripting vulnerability in Jenkins High
CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel yakirk
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data High
CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Mar 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
Gravitee API Management contains Path Traversal High
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) Jan 4, 2023
Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting High
CVE-2022-46686 was published for io.jenkins.plugins:custom-build-properties (Maven) Dec 12, 2022
Cross-site Scripting in Jenkins Spring Config Plugin High
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) Dec 12, 2022
Cross-site Scripting in Apache Hama High
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database