Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

516 advisories

Loading
Cross site scripting vulnerability in update-center2 Moderate
CVE-2023-27905 was published for org.jenkins-ci:update-center2 (Maven) Mar 10, 2023
yakirk
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Keycloak vulnerable to Cross-site Scripting Moderate
CVE-2022-1438 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Cross-site Scripting in Quarkus Moderate
CVE-2023-0044 was published for io.quarkus:quarkus-vertx-http (Maven) Feb 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting Moderate
CVE-2023-0867 was published for org.opennms:opennms (Maven) Feb 23, 2023
Cross Site Scripting in OpenNMS Moderate
CVE-2023-0869 was published for org.opennms:opennms-web-api (Maven) Feb 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting Moderate
CVE-2023-0868 was published for org.opennms:opennms-webapp (Maven) Feb 23, 2023
OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting Moderate
CVE-2023-0846 was published for org.opennms:opennms (Maven) Feb 22, 2023
Cross-site Scripting in Jenkins Pipeline: Build Step Plugin Moderate
CVE-2023-25762 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins Email Extension Plugin Moderate
CVE-2023-25764 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins Email Extension Plugin Moderate
CVE-2023-25763 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins JUnit Plugin Moderate
CVE-2023-25761 was published for org.jenkins-ci.plugins:junit (Maven) Feb 15, 2023
Sling App CMS Cross-site Scripting vulnerability Moderate
CVE-2023-22849 was published for org.apache.sling:org.apache.sling.cms (Maven) Feb 4, 2023
Apache Sling App CMS vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-46769 was published for org.apache.sling:org.apache.sling.cms (Maven) Jan 9, 2023
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution Moderate
CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) Jan 6, 2023
Mingsoft MCMS Cross-site Scripting vulnerability Moderate
CVE-2022-4640 was published for net.mingsoft:ms-mcms (Maven) Dec 22, 2022
Apache Zeppelin Cross-site Scripting vulnerability Moderate
CVE-2022-46870 was published for org.apache.zeppelin:zeppelin (Maven) Dec 20, 2022
WSO2 carbon-registry vulnerable to Cross-site Scripting Moderate
CVE-2022-4521 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 15, 2022
WSO2 carbon-registry Cross-site Scripting vulnerability Moderate
CVE-2022-4520 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 15, 2022
Mingsoft MCMS vulnerable to Cross-site Scripting Moderate
CVE-2022-4350 was published for net.mingsoft:ms-mcms (Maven) Dec 8, 2022
RuoYi-Cloud Cross-site Scripting vulnerability Moderate
CVE-2022-4348 was published for com.ruoyi:ruoyi-common (Maven) Dec 8, 2022
Cross-site Scripting in Jenkins Naginator Plugin Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) Nov 16, 2022
NotMyFault
Reflected Cross site scripting (XSS) in kairosdb Moderate
CVE-2019-19040 was published for org.kairosdb:kairosdb (Maven) Nov 3, 2022
Apache Sling App CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-43670 was published for org.apache.sling:org.apache.sling.cms (Maven) Nov 2, 2022
Apache Geode vulnerable to Cross-Site Scripting Moderate
CVE-2022-34870 was published for org.apache.geode:geode-core (Maven) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database