Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

37,057 advisories

Loading
Cross-site Scripting in Jenkins Active Choices plugin Moderate
CVE-2017-1000386 was published for org.biouno:uno-choice (Maven) May 14, 2022
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or... Moderate Unreviewed
CVE-2017-11107 was published May 13, 2022
Cross-site Scripting in wicket-jquery-ui Moderate
CVE-2018-1325 was published for com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent (Maven) May 14, 2022
Cross-site Scripting in Eclipse Mojarra Moderate
CVE-2019-17091 was published for org.glassfish:jakarta.faces (Maven) May 24, 2022
Cross-site Scripting in Apache Struts Moderate
CVE-2015-2992 was published for org.apache.struts:struts2-core (Maven) May 24, 2022
Cross-site Scripting in wicket-jquery-ui Moderate
CVE-2017-15719 was published for com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent (Maven) May 14, 2022
A vulnerability classified as problematic has been found in WebFactory Under Construction Plugin.... Moderate Unreviewed
CVE-2022-3808 was published Nov 2, 2022
Cross-site Scripting in Apache Pluto Chatroom demo Moderate
CVE-2019-0186 was published for org.apache.portals.pluto:chatRoomDemo (Maven) May 24, 2022
Cross-site Scripting in Apache Struts Low
CVE-2011-1772 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the... Critical Unreviewed
CVE-2022-40289 was published Nov 1, 2022
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via... Moderate Unreviewed
CVE-2017-14651 was published May 13, 2022
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user... Critical Unreviewed
CVE-2022-40288 was published Nov 1, 2022
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2022-40287 was published Nov 1, 2022
node-red-dashboard vulnerable to Cross-site Scripting Moderate
CVE-2022-3783 was published for node-red-dashboard (npm) Nov 1, 2022
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2022-3402 was published Oct 29, 2022
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy... High Unreviewed
CVE-2019-6528 was published May 13, 2022
Cross-site Scripting in Apache Struts Moderate
CVE-2015-5169 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2022-40290 was published Nov 1, 2022
Cross-site Scripting in Apache Jetspeed Moderate
CVE-2016-0712 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
Cross-site scripting in Elasticsearch Moderate
CVE-2014-6439 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
HyperDown vulnerable to Cross-site Scripting Moderate
CVE-2022-25849 was published for joyqi/hyper-down (Composer) Oct 26, 2022
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in... Moderate Unreviewed
CVE-2018-7049 was published May 13, 2022
Cross-Site Scripting in @novnc/novnc Moderate
CVE-2017-18635 was published for @novnc/novnc (npm) Aug 28, 2020
Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web... Moderate Unreviewed
CVE-2011-1263 was published May 13, 2022
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2017-1446 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database