GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
730 advisories
Filter by severity
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Moderate
CVE-2023-37940
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 18, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting
Moderate
CVE-2024-11993
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 17, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input
High
CVE-2024-28149
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
High
CVE-2024-54003
was published
for
io.jenkins.plugins:simple-queue
(Maven)
Nov 27, 2024
Apache Syncope: Stored XSS in Console and Enduser
Moderate
CVE-2024-45031
was published
for
org.apache.syncope.client:syncope-client-console
(Maven)
Oct 24, 2024
Jenkins HTML Publisher Plugin Stored XSS vulnerability
High
CVE-2024-28150
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
FitNesse Cross-site scripting
Moderate
CVE-2024-39610
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
Stored Cross Site Scripting in Grails Fields Plugin
Moderate
CVE-2018-1000529
was published
for
org.grails.plugins:fields
(Maven)
Oct 19, 2018
Apache Syncope Improper Input Validation vulnerability
High
CVE-2024-38503
was published
for
org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
(Maven)
Jul 22, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin
High
CVE-2024-52552
was published
for
org.jenkins-ci.plugins:authorize-project
(Maven)
Nov 13, 2024
Apache NiFi vulnerable to Cross-site Scripting
Moderate
CVE-2024-37389
was published
for
org.apache.nifi:nifi-web-ui
(Maven)
Jul 8, 2024
powertac-server XML External Entity vulnerability
High
CVE-2024-51135
was published
for
org.powertac:server-interface
(Maven)
Nov 11, 2024
Bonita cross-site scripting vulnerability
Moderate
CVE-2024-27609
was published
for
org.bonitasoft.console:bonita-web-server
(Maven)
Apr 1, 2024
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Moderate
CVE-2024-28160
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
Mar 6, 2024
hibernate-validator Cross-site Scripting vulnerability
Moderate
CVE-2023-1932
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Nov 7, 2024
Silverpeas Core vulnerable to Cross Site Scripting
Moderate
CVE-2024-29392
was published
for
org.silverpeas:silverpeas-core
(Maven)
May 22, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Reposilite artifacts vulnerable to Stored Cross-site Scripting
High
CVE-2024-36115
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High
CVE-2024-47880
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
High
CVE-2024-47878
was published
for
org.openrefine:extensions
(Maven)
Oct 24, 2024
Apache NiFi Cross-site Scripting vulnerability
Moderate
CVE-2024-45477
was published
for
org.apache.nifi:nifi-web-ui
(Maven)
Oct 29, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
ProTip!
Advisories are also available from the
GraphQL API