GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
635 advisories
Cross-site Scripting by SVG upload in xwiki-platform
Moderate. CVE-2021-43841 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Feb 10, 2022

Cross-site scripting in Apache Atlas
Moderate. CVE-2020-13928 was published for org.apache.atlas:apache-atlas (Maven) on Feb 10, 2022

Cross-site scripting in Crafter CMS Crafter Studio
Moderate. CVE-2017-15686 was published for org.craftercms:crafter-studio (Maven) on Feb 9, 2022

TwitterServer Cross-site Scripting via /histograms endpoint
Moderate. CVE-2020-35774 was published for com.twitter:twitter-server_2.12 (Maven) on Feb 9, 2022

Cross-site Scripting in Eclipse Hawkbit
Moderate. CVE-2020-27219 was published for org.eclipse.hawkbit:hawkbit-parent (Maven) on Feb 9, 2022

Cross-site Scripting (XSS) in Apache ActiveMQ Artemis
Moderate. CVE-2020-13932 was published for org.apache.activemq:apache-artemis (Maven) on Feb 9, 2022

Cross-site scripting (XSS) in Apache ActiveMQ
Moderate. CVE-2020-13947 was published for org.apache.activemq:activemq-parent (Maven) on Feb 9, 2022

Cross-site Scripting in keycloak
Moderate. CVE-2020-10776 was published for org.keycloak:keycloak-server-spi-private (Maven) on Feb 9, 2022

Cross-site Scripting in Keycloak
Moderate. CVE-2020-10748 was published for org.keycloak:keycloak-parent (Maven) on Feb 9, 2022

Cross-site Scripting in Apache Knox SSO
Moderate. CVE-2021-42357 was published for org.apache.knox:gateway-service-knoxsso (Maven) on Jan 21, 2022

Stored XSS vulnerability in Matrix Project Plugin
Moderate. CVE-2022-20615 was published for org.jenkins-ci.plugins:matrix-project (Maven) on Jan 13, 2022

Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Moderate. CVE-2022-23110 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) on Jan 13, 2022

Stored XSS vulnerability in Jenkins Badge Plugin
Moderate. CVE-2022-23108 was published for org.jenkins-ci.plugins:badge (Maven) on Jan 13, 2022

Cross-site Scripting in Apache Pluto
Moderate. CVE-2021-36739 was published for org.apache.portals.pluto:pluto-portal (Maven) on Jan 8, 2022

Cross-site Scripting in Apache Pluto
Moderate. CVE-2021-36737 was published for org.apache.portals.pluto:pluto-portal (Maven) on Jan 8, 2022

Cross-site Scripting in Apache Pluto
Moderate. CVE-2021-36738 was published for org.apache.portals.pluto:pluto-portal (Maven) on Jan 8, 2022

Cross-site scripting in Apache NiFi
Moderate. CVE-2020-1933 was published for org.apache.nifi:nifi (Maven) on Jan 6, 2022

Cross-site Scripting (XSS) in Apache Ambari Views
Moderate. CVE-2020-1936 was published for org.apache.ambari:ambari (Maven) on Jan 6, 2022

Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate. CVE-2021-21667 was published for org.jenkins-ci.plugins:scriptler (Maven) on Jan 6, 2022

Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate. CVE-2021-21668 was published for org.jenkins-ci.plugins:scriptler (Maven) on Jan 6, 2022

Cross-site Scripting in Apereo CAS
Moderate. CVE-2021-42567 was published for org.apereo.cas:cas-server-core-web (Maven) on Dec 10, 2021

Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation
Moderate. CVE-2021-40369 was published for org.apache.jspwiki:jspwiki-main (Maven) on Dec 2, 2021

Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
Moderate. CVE-2021-33611 was published for com.vaadin:vaadin-bom (Maven) on Nov 3, 2021

XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate. CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) on Oct 26, 2021

XSS in the `of` option of the `.position()` util in jquery-ui
Moderate. CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) on Oct 26, 2021

ProTip! Advisories are also available from the GraphQL API.