Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

699 advisories

Loading
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document Low
CVE-2024-38364 was published for org.dspace:dspace-server-webapp (Maven) Jun 25, 2024
Xib3rR4dAr
Cross site scripting in Apache JSPWiki Moderate
CVE-2024-27136 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 24, 2024
OpenCMS Cross-Site Scripting vulnerability Moderate
CVE-2024-5520 was published for org.opencms:opencms-core (Maven) May 30, 2024
Eclipse Ditto vulnerable to Cross-site Scripting Moderate
CVE-2024-5165 was published for org.eclipse.ditto:ditto (Maven) May 23, 2024
Silverpeas Core vulnerable to Cross Site Scripting Moderate
CVE-2024-29392 was published for org.silverpeas:silverpeas-core (Maven) May 22, 2024
MS Basic Cross-site Scripting vulnerability Moderate
CVE-2024-33748 was published for net.mingsoft:ms-basic (Maven) May 7, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module Moderate
CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
oscerd
Bonita cross-site scripting vulnerability Moderate
CVE-2024-27609 was published for org.bonitasoft.console:bonita-web-server (Maven) Apr 1, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven) Mar 20, 2024
sikeoka
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven) Mar 20, 2024
sikeoka
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23818 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven) Mar 20, 2024
sikeoka
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23642 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23640 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
sikeoka
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API Moderate
CVE-2023-51445 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
thomsmith
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability High
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28157 was published for org.jenkins-ci.plugins:gitbucket (Maven) Mar 6, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability Moderate
CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) Mar 1, 2024
oscerd
Apache Ambari: Various Cross site scripting problems Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
oscerd
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing Moderate
CVE-2024-25151 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API