GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,932 advisories
Cross Site Scripting in OpenTSDB
High | CVE-2023-25827 was published for net.opentsdb:opentsdb (Maven) | May 3, 2023

Apache Spark UI vulnerable to Command Injection
High | CVE-2023-32007 was published for org.apache.spark:spark-parent_2.12 (Maven) | May 2, 2023

XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
High | CVE-2023-29522 was published for org.xwiki.platform:xwiki-platform-xclass-ui (Maven) | Apr 20, 2023

XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
High | CVE-2023-29521 was published for org.xwiki.platform:xwiki-platform-vfs-ui (Maven) | Apr 20, 2023

org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
High | CVE-2023-29519 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) | Apr 20, 2023

XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
High | CVE-2023-29518 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) | Apr 20, 2023

Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
High | CVE-2023-29517 was published for org.xwiki.platform:xwiki-platform-office-viewer (Maven) | Apr 20, 2023

Snowflake JDBC vulnerable to command injection via SSO URL authentication
High | CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) | Apr 14, 2023

Spring Framework vulnerable to denial of service
High | CVE-2023-20863 was published for org.springframework:spring-expression (Maven) | Apr 13, 2023

Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
High | CVE-2022-45064 was published for org.apache.sling:org.apache.sling.engine (Maven) | Apr 13, 2023

Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
High | CVE-2023-29207 was published for org.xwiki.platform:xwiki-platform-flamingo (Maven) | Apr 12, 2023

org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High | CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) | Apr 12, 2023

org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
High | CVE-2023-29208 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) | Apr 12, 2023

Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability
High | CVE-2023-30520 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) | Apr 12, 2023

Apache James server's JMX management service vulnerable to privilege escalation by local user
High | CVE-2023-26269 was published for org.apache.james:javax-mail-extension (Maven) | Apr 3, 2023

Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
High | CVE-2023-28679 was published for javagh.jenkins:mashup-portlets-plugin (Maven) | Apr 2, 2023

Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks
High | CVE-2023-28681 was published for org.jenkins-ci.plugins:vs-code-metrics (Maven) | Apr 2, 2023

Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting
High | CVE-2023-28670 was published for com.paul8620.jenkins.plugins:pipeline-aggregator-view (Maven) | Apr 2, 2023

Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
High | CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) | Apr 2, 2023

Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
High | CVE-2023-28678 was published for org.jenkins-ci.plugins:cppcheck (Maven) | Apr 2, 2023

Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
High | CVE-2023-28680 was published for org.jenkins-ci.plugins:crap4j (Maven) | Apr 2, 2023

Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
High | CVE-2023-28669 was published for org.jenkins-ci.plugins:jacoco (Maven) | Apr 2, 2023

Jenkins Convert To Pipeline Plugin vulnerable to command injection
High | CVE-2023-28677 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) | Apr 2, 2023

Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
High | CVE-2023-28684 was published for com.sap.jenkinsci:remote-jobs-view-plugin (Maven) | Apr 2, 2023

Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks
High | CVE-2023-28683 was published for org.jenkins-ci.plugins:phabricator-plugin (Maven) | Apr 2, 2023

ProTip! Advisories are also available from the GraphQL API.