GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
791 advisories
Cross-site Scripting in Eclipse Hawkbit
Moderate. CVE-2020-27219 was published for org.eclipse.hawkbit:hawkbit-parent (Maven), Feb 9, 2022

Cross-site Scripting (XSS) in Apache ActiveMQ Artemis
Moderate. CVE-2020-13932 was published for org.apache.activemq:apache-artemis (Maven), Feb 9, 2022

Cross-site scripting (XSS) in Apache ActiveMQ
Moderate. CVE-2020-13947 was published for org.apache.activemq:activemq-parent (Maven), Feb 9, 2022

Cross-site Scripting in keycloak
Moderate. CVE-2020-10776 was published for org.keycloak:keycloak-server-spi-private (Maven), Feb 9, 2022

Cross-site Scripting in Keycloak
Moderate. CVE-2020-10748 was published for org.keycloak:keycloak-parent (Maven), Feb 9, 2022

Cross-site Scripting in Apache Knox SSO
Moderate. CVE-2021-42357 was published for org.apache.knox:gateway-service-knoxsso (Maven), Jan 21, 2022

Stored XSS vulnerability in Matrix Project Plugin
Moderate. CVE-2022-20615 was published for org.jenkins-ci.plugins:matrix-project (Maven), Jan 13, 2022

Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Moderate. CVE-2022-23110 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven), Jan 13, 2022

Stored XSS vulnerability in Jenkins Badge Plugin
Moderate. CVE-2022-23108 was published for org.jenkins-ci.plugins:badge (Maven), Jan 13, 2022

Cross-site Scripting in Apache Pluto
Moderate. CVE-2021-36739 was published for org.apache.portals.pluto:pluto-portal (Maven), Jan 8, 2022

Cross-site Scripting in Apache Pluto
Moderate. CVE-2021-36737 was published for org.apache.portals.pluto:pluto-portal (Maven), Jan 8, 2022

Cross-site Scripting in Apache Pluto
Moderate. CVE-2021-36738 was published for org.apache.portals.pluto:pluto-portal (Maven), Jan 8, 2022

Cross-site scripting in Apache NiFi
Moderate. CVE-2020-1933 was published for org.apache.nifi:nifi (Maven), Jan 6, 2022

Cross-site Scripting (XSS) in Apache Ambari Views
Moderate. CVE-2020-1936 was published for org.apache.ambari:ambari (Maven), Jan 6, 2022

Cross-site scripting in Apache Syncope EndUser
Low. CVE-2019-17557 was published for org.apache.syncope.client:syncope-client-enduser (Maven), Jan 6, 2022

Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate. CVE-2021-21667 was published for org.jenkins-ci.plugins:scriptler (Maven), Jan 6, 2022

Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate. CVE-2021-21668 was published for org.jenkins-ci.plugins:scriptler (Maven), Jan 6, 2022

Cross-site Scripting in Apereo CAS
Moderate. CVE-2021-42567 was published for org.apereo.cas:cas-server-core-web (Maven), Dec 10, 2021

Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation
Moderate. CVE-2021-40369 was published for org.apache.jspwiki:jspwiki-main (Maven), Dec 2, 2021

Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
Moderate. CVE-2021-33611 was published for com.vaadin:vaadin-bom (Maven), Nov 3, 2021

XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate. CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems), Oct 26, 2021

XSS in the `of` option of the `.position()` util in jquery-ui
Moderate. CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems), Oct 26, 2021

XSS in the `altField` option of the Datepicker widget in jquery-ui
Moderate. CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems), Oct 26, 2021

Cross-site Scripting in XXL-JOB
Moderate. CVE-2020-29204 was published for com.xuxueli:xxl-job-core (Maven), Oct 12, 2021

Cross-site Scripting in OpenCRX
Moderate. CVE-2021-25959 was published for org.opencrx:opencrx-client (Maven), Sep 30, 2021
ProTip! Advisories are also available from the GraphQL API.