GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
730 advisories
Filter by severity
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Moderate
CVE-2023-37940
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 18, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting
Moderate
CVE-2024-11993
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 17, 2024
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
High
CVE-2024-54003
was published
for
io.jenkins.plugins:simple-queue
(Maven)
Nov 27, 2024
FitNesse Cross-site scripting
Moderate
CVE-2024-39610
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin
High
CVE-2024-52552
was published
for
org.jenkins-ci.plugins:authorize-project
(Maven)
Nov 13, 2024
powertac-server XML External Entity vulnerability
High
CVE-2024-51135
was published
for
org.powertac:server-interface
(Maven)
Nov 11, 2024
hibernate-validator Cross-site Scripting vulnerability
Moderate
CVE-2023-1932
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Nov 7, 2024
Apache NiFi Cross-site Scripting vulnerability
Moderate
CVE-2024-45477
was published
for
org.apache.nifi:nifi-web-ui
(Maven)
Oct 29, 2024
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
Moderate
CVE-2024-47882
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High
CVE-2024-47880
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
High
CVE-2024-47878
was published
for
org.openrefine:extensions
(Maven)
Oct 24, 2024
Apache Syncope: Stored XSS in Console and Enduser
Moderate
CVE-2024-45031
was published
for
org.apache.syncope.client:syncope-client-console
(Maven)
Oct 24, 2024
XWiki Platform allows XSS through XClass name in string properties
Critical
CVE-2024-43400
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Aug 19, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting
High
CVE-2024-36115
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
Apache Syncope Improper Input Validation vulnerability
High
CVE-2024-38503
was published
for
org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
(Maven)
Jul 22, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Silverpeas Core Cross-site Scripting vulnerability
Moderate
CVE-2024-39031
was published
for
org.silverpeas.core:silverpeas-core-rs
(Maven)
Jul 9, 2024
Apache NiFi vulnerable to Cross-site Scripting
Moderate
CVE-2024-37389
was published
for
org.apache.nifi:nifi-web-ui
(Maven)
Jul 8, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Low
CVE-2024-38364
was published
for
org.dspace:dspace-server-webapp
(Maven)
Jun 25, 2024
Cross site scripting in Apache JSPWiki
Moderate
CVE-2024-27136
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 24, 2024
OpenCMS Cross-Site Scripting vulnerability
Moderate
CVE-2024-5520
was published
for
org.opencms:opencms-core
(Maven)
May 30, 2024
Eclipse Ditto vulnerable to Cross-site Scripting
Moderate
CVE-2024-5165
was published
for
org.eclipse.ditto:ditto
(Maven)
May 23, 2024
ProTip!
Advisories are also available from the
GraphQL API