GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
High
CVE-2024-54003
was published
for
io.jenkins.plugins:simple-queue
(Maven)
Nov 27, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin
High
CVE-2024-52552
was published
for
org.jenkins-ci.plugins:authorize-project
(Maven)
Nov 13, 2024
powertac-server XML External Entity vulnerability
High
CVE-2024-51135
was published
for
org.powertac:server-interface
(Maven)
Nov 11, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High
CVE-2024-47880
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
High
CVE-2024-47878
was published
for
org.openrefine:extensions
(Maven)
Oct 24, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting
High
CVE-2024-36115
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Apache Syncope Improper Input Validation vulnerability
High
CVE-2024-38503
was published
for
org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
(Maven)
Jul 22, 2024
Jenkins HTML Publisher Plugin Stored XSS vulnerability
High
CVE-2024-28150
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input
High
CVE-2024-28149
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28157
was published
for
org.jenkins-ci.plugins:gitbucket
(Maven)
Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28156
was published
for
org.jenkins-ci.plugins:build-monitor-plugin
(Maven)
Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
High
CVE-2024-28153
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
Mar 6, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
High
CVE-2024-23905
was published
for
io.jenkins.plugins:redhat-dependency-analytics
(Maven)
Jan 24, 2024
Cross Site Request Forgery in Silverpeas
High
CVE-2023-47322
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
Improper Neutralization of Input in Advanced User Interface for Jolt
High
CVE-2023-49145
was published
for
org.apache.nifi:nifi-jolt-transform-json-ui
(Maven)
Nov 28, 2023
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
High
CVE-2023-46659
was published
for
org.jenkins-ci.plugins:trac
(Maven)
Oct 25, 2023
Stored XSS vulnerability in Jenkins GitHub Plugin
High
CVE-2023-46650
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Oct 25, 2023
Jenkins Cross-site Scripting vulnerability
High
CVE-2023-43495
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
High
CVE-2023-43499
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
Sep 20, 2023
Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability
High
CVE-2023-40342
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Aug 16, 2023
Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability
High
CVE-2023-40346
was published
for
io.jenkins.plugins:shortcut-job
(Maven)
Aug 16, 2023
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
High
CVE-2023-40350
was published
for
org.jenkins-ci.plugins:docker-swarm
(Maven)
Aug 16, 2023
Jenkins Stored Cross-site Scripting vulnerability
High
CVE-2023-39151
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jul 26, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High
CVE-2023-35157
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
High
CVE-2023-35155
was published
for
org.xwiki.platform:xwiki-platform-sharepage-api
(Maven)
Jun 20, 2023
ProTip!
Advisories are also available from the
GraphQL API