GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
151 advisories
Filter by severity
Reposilite artifacts vulnerable to Stored Cross-site Scripting
High
CVE-2024-36115
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High
CVE-2024-47880
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
High
CVE-2024-47878
was published
for
org.openrefine:extensions
(Maven)
Oct 24, 2024
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28160
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28157
was published
for
org.jenkins-ci.plugins:gitbucket
(Maven)
Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28156
was published
for
org.jenkins-ci.plugins:build-monitor-plugin
(Maven)
Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
High
CVE-2024-28153
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
Mar 6, 2024
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
High
CVE-2020-5398
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34170
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
High
CVE-2015-5346
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
High
CVE-2024-23905
was published
for
io.jenkins.plugins:redhat-dependency-analytics
(Maven)
Jan 24, 2024
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
High
CVE-2022-43420
was published
for
org.jenkins-ci.plugins:contrast-continuous-application-security
(Maven)
Oct 19, 2022
Cross-site Scripting in Jenkins Deployment Dashboard Plugin
High
CVE-2022-34795
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380
was published
for
org.jenkins-ci.plugins:junit
(Maven)
Nov 16, 2022
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
High
CVE-2022-41224
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 22, 2022
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
High
CVE-2023-28669
was published
for
org.jenkins-ci.plugins:jacoco
(Maven)
Apr 2, 2023
Cross-site Scripting vulnerability in Jenkins
High
CVE-2023-27898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
High
CVE-2023-32977
was published
for
org.jenkins-ci.plugins.workflow:workflow-job
(Maven)
May 16, 2023
Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
High
CVE-2022-36922
was published
for
org.jenkins-ci.plugins:lucene-search
(Maven)
Jul 28, 2022
Cross-site Scripting in Jenkins Plot Plugin
High
CVE-2022-34783
was published
for
org.jenkins-ci.plugins:plot
(Maven)
Jul 1, 2022
Jenkins Cross-Site Scripting vulnerability in help icons
High
CVE-2020-2229
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
High
CVE-2021-22510
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins upstream cause
High
CVE-2020-2221
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins 'keep forever' badge icon
High
CVE-2020-2222
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API