Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

726 advisories

Loading
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49486 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49485 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Improper Neutralization of Input in Advanced User Interface for Jolt High
CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) Nov 28, 2023
exceptionfactory
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40814 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40817 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40813 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
MarkLee131
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40815 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40816 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40810 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40809 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40812 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Liferay Portal XSS with `p_l_back_url_title` on edit content page Critical
CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
OpenNMS Cross-site Scripting vulnerability Moderate
CVE-2023-40314 was published for org.opennms:opennms-webapp (Maven) Nov 17, 2023
xxl-job-admin vulnerable to Cross Site Scripting Moderate
CVE-2023-48088 was published for com.xuxueli:xxl-job-admin (Maven) Nov 15, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS High
CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) Oct 25, 2023
Stored XSS vulnerability in Jenkins GitHub Plugin High
CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) Oct 25, 2023
Yamcs Cross-site Scripting vulnerability Moderate
CVE-2023-45279 was published for org.yamcs:yamcs (Maven) Oct 20, 2023
Yamcs Cross-site Scripting vulnerability Moderate
CVE-2023-45280 was published for org.yamcs:yamcs (Maven) Oct 20, 2023
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter Critical
CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023
lucaswitvoet
XWiki Change Request Application UI XSS and remote code execution through change request title Critical
CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023
michitux
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database