Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

151 advisories

Loading
Lithium vulnerable to Cross Site Scripting in provided Swagger-UI High
GHSA-f36p-42jv-8rh2 was published for com.wire.bots:lithium (Maven) Sep 30, 2022
comawill
Gravitee API Management contains Path Traversal High
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) Jan 4, 2023
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin High
CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform High
CVE-2022-29258 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) Jun 1, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form High
CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history High
CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Cross-site Scripting in wiki manager join wiki page High
CVE-2022-29252 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) May 25, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature High
CVE-2022-31192 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin High
CVE-2022-29039 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Apr 13, 2022
NotMyFault
Cross-site Scripting in Jenkins Rundeck Plugin High
CVE-2022-30956 was published for org.jenkins-ci.plugins:rundeck (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin High
CVE-2022-30962 was published for org.jenkins-ci.plugins:global-variable-string-parameter (Maven) May 18, 2022
NotMyFault
Cross site scripting in Jenkins Selection tasks Plugin High
CVE-2022-30967 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Application Detector Plugin High
CVE-2022-30960 was published for org.jenkins-ci.plugins:app-detector (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30970 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins vboxwrapper Plugin High
CVE-2022-30968 was published for org.jenkins-ci.plugins:vboxwrapper (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins JDK Parameter Plugin High
CVE-2022-30963 was published for org.jenkins-ci.plugins:JDK_Parameter_Plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30961 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Multiselect parameter Plugin High
CVE-2022-30964 was published for io.jenkins.plugins:multiselect-parameter (Maven) May 18, 2022
NotMyFault
Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types High
CVE-2022-30965 was published for org.jenkins-ci.plugins:promoted-builds-simple (Maven) May 18, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin High
CVE-2022-36905 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) Jul 28, 2022
NotMyFault
Cross-site Scripting in Jenkins Spring Config Plugin High
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) Dec 12, 2022
Cross-site Scripting in Jenkins Rich Text Publisher Plugin High
CVE-2022-34786 was published for org.jenkins-ci.plugins:rich-text-publisher-plugin (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins Validating Email Parameter Plugin High
CVE-2022-34791 was published for io.jenkins.plugins:validating-email-parameter (Maven) Jul 1, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database