Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

635 advisories

Loading
Apache Tomcat XSS Vulnerability Moderate
CVE-2006-7195 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Cross-site scripting in Apache Tomcat Moderate
CVE-2006-7196 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Geronimo console 1.0 vulnerable to cross-site scripting Moderate
CVE-2006-0254 was published for geronimo:geronimo-console-standard (Maven) May 1, 2022
westonsteimel
Apache Tomcat XSS Vulnerability Moderate
CVE-2002-1567 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Jakarta Tomcat cross-site scripting (XSS) vulnerability Moderate
CVE-2003-0044 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022
Reflected XSS on clients-registrations endpoint Moderate
GHSA-m98g-63qj-fp8j was published for org.keycloak:keycloak-parent (Maven) Apr 28, 2022
Cross-site Scripting in org.owasp.esapi:esapi Moderate
CVE-2022-24891 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022
xeno6696 kwwall
Page Compare Reflected Cross-site Scripting (XSS) vulnerability Moderate
CVE-2022-28820 was published for com.adobe.acs:acs-aem-commons (Maven) Apr 26, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via web content template names Moderate
CVE-2022-26596 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 26, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via the site name Moderate
CVE-2022-26597 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 26, 2022
Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) Moderate
CVE-2012-4441 was published for org.jenkins-ci.plugins:ci-game (Maven) Apr 23, 2022
Jenkins Violation Plugin allows Cross-Site Scripting (XSS) Moderate
CVE-2012-4440 was published for org.jenkins-ci.plugins:violations (Maven) Apr 23, 2022
Jenkins allows Cross-Site Scripting (XSS) via Crafted URL Moderate
CVE-2012-4439 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 23, 2022
Cross-site Scripting in OWASP AntiSamy Moderate
CVE-2022-28367 was published for org.owasp.antisamy:antisamy (Maven) Apr 23, 2022
Cross-site Scripting in OWASP AntiSamy Moderate
CVE-2022-29577 was published for org.owasp.antisamy:antisamy (Maven) Apr 23, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category Moderate
CVE-2022-26593 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 20, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via form field Moderate
CVE-2022-26594 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 16, 2022
Stored XSS in Jenkins CVS Plugin Moderate
CVE-2022-29037 was published for org.jenkins-ci.plugins:cvs (Maven) Apr 13, 2022
westonsteimel
Cross-site Scripting in Jenkins Credentials Plugin Moderate
CVE-2022-29036 was published for org.jenkins-ci.plugins:credentials (Maven) Apr 13, 2022
Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin Moderate
CVE-2022-29038 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Apr 13, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Git Parameter Plugin Moderate
CVE-2022-29040 was published for org.jenkins-ci.tools:git-parameter (Maven) Apr 13, 2022
westonsteimel
Stored Cross-site Scripting vulnerability in Jenkins Job Generator Plugin Moderate
CVE-2022-29042 was published for org.jenkins-ci.plugins:jobgenerator (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting in Jenkins Mask Passwords Plugin Moderate
CVE-2022-29043 was published for org.jenkins-ci.plugins:mask-passwords (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin Moderate
CVE-2022-29046 was published for org.jenkins-ci.plugins:subversion (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin Moderate
CVE-2022-29041 was published for org.jenkins-ci.plugins:jira (Maven) Apr 13, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database