GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
151 advisories
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
Severity: High. CVE-2024-47880 was published for org.openrefine:openrefine (Maven) on Oct 24, 2024.
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
Severity: High. CVE-2024-47878 was published for org.openrefine:extensions (Maven) on Oct 24, 2024.
Reposilite artifacts vulnerable to Stored Cross-site Scripting
Severity: High. CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) on Aug 2, 2024.
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Severity: High. CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) on Mar 6, 2024.
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Severity: High. CVE-2024-28157 was published for org.jenkins-ci.plugins:gitbucket (Maven) on Mar 6, 2024.
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
Severity: High. CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) on Mar 6, 2024.
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Severity: High. CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) on Mar 6, 2024.
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Severity: High. CVE-2024-23905 was published for io.jenkins.plugins:redhat-dependency-analytics (Maven) on Jan 24, 2024.
Cross Site Request Forgery in Silverpeas
Severity: High. CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) on Dec 13, 2023.
Improper Neutralization of Input in Advanced User Interface for Jolt
Severity: High. CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) on Nov 28, 2023.
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
Severity: High. CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) on Oct 25, 2023.
Stored XSS vulnerability in Jenkins GitHub Plugin
Severity: High. CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) on Oct 25, 2023.
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
Severity: High. CVE-2023-43499 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on Sep 20, 2023.
Jenkins Cross-site Scripting vulnerability
Severity: High. CVE-2023-43495 was published for org.jenkins-ci.main:jenkins-core (Maven) on Sep 20, 2023.
Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability
Severity: High. CVE-2023-40346 was published for io.jenkins.plugins:shortcut-job (Maven) on Aug 16, 2023.
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
Severity: High. CVE-2023-40350 was published for org.jenkins-ci.plugins:docker-swarm (Maven) on Aug 16, 2023.
Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability
Severity: High. CVE-2023-40342 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) on Aug 16, 2023.
Jenkins Stored Cross-site Scripting vulnerability
Severity: High. CVE-2023-39151 was published for org.jenkins-ci.main:jenkins-core (Maven) on Jul 26, 2023.
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
Severity: High. CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Jun 22, 2023.
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
Severity: High. CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) on Jun 20, 2023.
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
Severity: High. CVE-2023-35146 was published for org.jenkins.plugin.templateWorkflows:template-workflows (Maven) on Jun 14, 2023.
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting
Severity: High. CVE-2023-35145 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) on Jun 14, 2023.
TestComplete support Plugin vulnerable to stored Cross-site Scripting
Severity: High. CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven) on May 16, 2023.
Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability
Severity: High. CVE-2023-33007 was published for org.jenkins-ci.plugins:loadcomplete (Maven) on May 16, 2023.
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
Severity: High. CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) on May 16, 2023.
ProTip! Advisories are also available from the GraphQL API.