GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,459 advisories

Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven) Dec 15, 2023 withdrawn
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50137 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50102 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50101 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50100 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
Jenkins Nexus Platform Plugin missing permission check Moderate
CVE-2023-50769 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50776 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
Missing permission check in Jenkins Scriptler Plugin Moderate
CVE-2023-50765 was published for org.jenkins-ci.plugins:scriptler (Maven) Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin Moderate
CVE-2023-50775 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Dec 13, 2023
Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50778 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50771 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-50768 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50772 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50779 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47327 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Cross-site Scripting in silverpeas Moderate
CVE-2023-47324 was published for org.silverpeas.core:silverpeas-core-api (Maven) Dec 13, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49485 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49486 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49487 was published for com.jfinal:jfinal (Maven) Dec 8, 2023