GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
699 advisories
Filter by severity
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Low
CVE-2024-38364
was published
for
org.dspace:dspace-server-webapp
(Maven)
Jun 25, 2024
Cross site scripting in Apache JSPWiki
Moderate
CVE-2024-27136
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 24, 2024
OpenCMS Cross-Site Scripting vulnerability
Moderate
CVE-2024-5520
was published
for
org.opencms:opencms-core
(Maven)
May 30, 2024
Eclipse Ditto vulnerable to Cross-site Scripting
Moderate
CVE-2024-5165
was published
for
org.eclipse.ditto:ditto
(Maven)
May 23, 2024
Silverpeas Core vulnerable to Cross Site Scripting
Moderate
CVE-2024-29392
was published
for
org.silverpeas:silverpeas-core
(Maven)
May 22, 2024
MS Basic Cross-site Scripting vulnerability
Moderate
CVE-2024-33748
was published
for
net.mingsoft:ms-basic
(Maven)
May 7, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate
CVE-2023-6717
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Bonita cross-site scripting vulnerability
Moderate
CVE-2024-27609
was published
for
org.bonitasoft.console:bonita-web-server
(Maven)
Apr 1, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23821
was published
for
org.geoserver:gs-gwc
(Maven)
Mar 20, 2024
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23819
was published
for
org.geoserver.extension:gs-mapml
(Maven)
Mar 20, 2024
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23818
was published
for
org.geoserver:gs-wms
(Maven)
Mar 20, 2024
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23643
was published
for
org.geoserver:gs-gwc-rest
(Maven)
Mar 20, 2024
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23642
was published
for
org.geoserver:gs-wms
(Maven)
Mar 20, 2024
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23640
was published
for
org.geoserver:gs-main
(Maven)
Mar 20, 2024
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Moderate
CVE-2023-51445
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28160
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28156
was published
for
org.jenkins-ci.plugins:build-monitor-plugin
(Maven)
Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
High
CVE-2024-28153
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28157
was published
for
org.jenkins-ci.plugins:gitbucket
(Maven)
Mar 6, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2023-47795
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
Moderate
CVE-2024-25151
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
ProTip!
Advisories are also available from the
GraphQL API