GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
720 advisories
Filter by severity
Apache Linkis Zip Slip issue
Critical
CVE-2023-27603
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Apache Linkis Authentication Bypass vulnerability
Critical
CVE-2023-27987
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
HtmlUnit Code Injection vulnerability
Critical
CVE-2023-26119
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
Jul 6, 2023
Apache Kylin vulnerable to remote code execution
Critical
CVE-2022-24697
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 6, 2023
Remote Code Execution for 2.4.1 and earlier
Critical
CVE-2023-36812
was published
for
net.opentsdb:opentsdb
(Maven)
Jun 30, 2023
Upgrading doesn't prevent exploiting vulnerable XWiki documents
Critical
CVE-2023-36468
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical
CVE-2023-36469
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to Code Injection in icon themes
Critical
CVE-2023-36470
was published
for
org.xwiki.platform:xwiki-platform-icon-default
(Maven)
Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical
CVE-2023-36471
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
Critical
CVE-2023-36477
was published
for
org.xwiki.contrib:application-ckeditor-ui
(Maven)
Jun 30, 2023
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Critical
CVE-2022-4361
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 30, 2023
jFinal Server-Side Template Injection vulnerability
Critical
CVE-2021-31635
was published
for
com.jfinal:jfinal
(Maven)
Jun 26, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Critical
CVE-2023-35161
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Critical
CVE-2023-35160
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
Critical
CVE-2023-35159
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
Critical
CVE-2023-35158
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
Critical
CVE-2023-35156
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 22, 2023
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template
Critical
CVE-2023-35162
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Critical
CVE-2023-35152
was published
for
org.xwiki.platform:xwiki-platform-like-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
Critical
CVE-2023-35150
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Jun 20, 2023
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Critical
CVE-2023-34465
was published
for
org.xwiki.platform:xwiki-platform-mail-send-default
(Maven)
Jun 20, 2023
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Critical
CVE-2023-34464
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jun 20, 2023
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
ProTip!
Advisories are also available from the
GraphQL API