GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
High
CVE-2020-5398
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
Reflected Cross-site Scripting in ACS Commons
High
CVE-2021-21028
was published
for
com.adobe.acs:acs-aem-commons
(Maven)
Feb 2, 2021
Code injection in keycloak
High
CVE-2021-20222
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2021
Cross-Site Scripting
High
CVE-2021-20293
was published
for
org.jboss.resteasy:resteasy-bom
(Maven)
Jun 15, 2021
Cross site scripting in registration template in xwiki-platform
High
CVE-2022-23622
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Feb 9, 2022
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
High
CVE-2022-25191
was published
for
io.jenkins.plugins:agent-server-parameter
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
High
CVE-2022-25189
was published
for
io.jenkins.plugins:custom-checkbox-parameter
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
High
CVE-2022-27213
was published
for
io.jenkins.plugins:environment-dashboard
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
High
CVE-2022-27202
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
High
CVE-2022-28149
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
High
CVE-2022-28145
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
High
CVE-2022-29049
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
High
CVE-2022-29045
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
High
CVE-2022-29039
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
Apr 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
High
CVE-2015-5346
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Cross-site Scripting in Jenkins Rundeck Plugin
High
CVE-2022-30956
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
High
CVE-2022-30961
was published
for
org.jenkins-ci.plugins:autocomplete-parameter
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins JDK Parameter Plugin
High
CVE-2022-30963
was published
for
org.jenkins-ci.plugins:JDK_Parameter_Plugin
(Maven)
May 18, 2022
Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types
High
CVE-2022-30965
was published
for
org.jenkins-ci.plugins:promoted-builds-simple
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin
High
CVE-2022-30962
was published
for
org.jenkins-ci.plugins:global-variable-string-parameter
(Maven)
May 18, 2022
Cross site scripting in Jenkins Selection tasks Plugin
High
CVE-2022-30967
was published
for
org.jvnet.hudson.plugins:selection-tasks-plugin
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Application Detector Plugin
High
CVE-2022-30960
was published
for
org.jenkins-ci.plugins:app-detector
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Multiselect parameter Plugin
High
CVE-2022-30964
was published
for
io.jenkins.plugins:multiselect-parameter
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins vboxwrapper Plugin
High
CVE-2022-30968
was published
for
org.jenkins-ci.plugins:vboxwrapper
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
High
CVE-2022-30970
was published
for
org.jenkins-ci.plugins:autocomplete-parameter
(Maven)
May 18, 2022
ProTip!
Advisories are also available from the
GraphQL API