Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

151 advisories

Loading
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) High
CVE-2024-47878 was published for org.openrefine:extensions (Maven) Oct 24, 2024
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28157 was published for org.jenkins-ci.plugins:gitbucket (Maven) Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability High
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache Tomcat High
CVE-2015-5346 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin High
CVE-2024-23905 was published for io.jenkins.plugins:redhat-dependency-analytics (Maven) Jan 24, 2024
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin High
CVE-2022-43420 was published for org.jenkins-ci.plugins:contrast-continuous-application-security (Maven) Oct 19, 2022
NotMyFault
Cross-site Scripting in Jenkins Deployment Dashboard Plugin High
CVE-2022-34795 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) Nov 16, 2022
NotMyFault
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component High
CVE-2022-41224 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 22, 2022
NotMyFault
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-28669 was published for org.jenkins-ci.plugins:jacoco (Maven) Apr 2, 2023
Cross-site Scripting vulnerability in Jenkins High
CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel yakirk
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin High
CVE-2022-43409 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) Oct 19, 2022
NotMyFault
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) May 16, 2023
Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting High
CVE-2022-36922 was published for org.jenkins-ci.plugins:lucene-search (Maven) Jul 28, 2022
Cross-site Scripting in Jenkins Plot Plugin High
CVE-2022-34783 was published for org.jenkins-ci.plugins:plot (Maven) Jul 1, 2022
NotMyFault
Jenkins Cross-Site Scripting vulnerability in help icons High
CVE-2020-2229 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin High
CVE-2021-22510 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins upstream cause High
CVE-2020-2221 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins 'keep forever' badge icon High
CVE-2020-2222 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API