Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

714 advisories

Loading
XWiki Platform allows XSS through XClass name in string properties Critical
CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 19, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution Critical
CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jul 31, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Silverpeas Core Cross-site Scripting vulnerability Moderate
CVE-2024-39031 was published for org.silverpeas.core:silverpeas-core-rs (Maven) Jul 9, 2024
Apache NiFi vulnerable to Cross-site Scripting Moderate
CVE-2024-37389 was published for org.apache.nifi:nifi-web-ui (Maven) Jul 8, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document Low
CVE-2024-38364 was published for org.dspace:dspace-server-webapp (Maven) Jun 25, 2024
Xib3rR4dAr
Cross site scripting in Apache JSPWiki Moderate
CVE-2024-27136 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 24, 2024
OpenCMS Cross-Site Scripting vulnerability Moderate
CVE-2024-5520 was published for org.opencms:opencms-core (Maven) May 30, 2024
Eclipse Ditto vulnerable to Cross-site Scripting Moderate
CVE-2024-5165 was published for org.eclipse.ditto:ditto (Maven) May 23, 2024
Silverpeas Core vulnerable to Cross Site Scripting Moderate
CVE-2024-29392 was published for org.silverpeas:silverpeas-core (Maven) May 22, 2024
MS Basic Cross-site Scripting vulnerability Moderate
CVE-2024-33748 was published for net.mingsoft:ms-basic (Maven) May 7, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module Moderate
CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
oscerd
Bonita cross-site scripting vulnerability Moderate
CVE-2024-27609 was published for org.bonitasoft.console:bonita-web-server (Maven) Apr 1, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven) Mar 20, 2024
sikeoka
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven) Mar 20, 2024
sikeoka
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23818 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven) Mar 20, 2024
sikeoka
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23642 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23640 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
sikeoka
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API Moderate
CVE-2023-51445 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
thomsmith VertigoM
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability High
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
ProTip! Advisories are also available from the GraphQL API