GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
508 advisories
Filter by severity
Cross-site scripting in Liferay Portal
Moderate
CVE-2023-33938
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Cross-site scripting in Liferay Portal
Moderate
CVE-2023-33939
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Cross-site scripting in Liferay Portal
Moderate
CVE-2023-33941
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Cross-site scripting in Liferay Portal
Moderate
CVE-2023-33942
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Cross-site scripting in Liferay Portal
Moderate
CVE-2023-33940
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Cross-site scripting in Liferay Portal
Moderate
CVE-2023-33943
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
alkacon-OpenCMS vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-31544
was published
for
org.opencms:opencms-core
(Maven)
May 16, 2023
Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-32984
was published
for
org.jenkins-ci.plugins:testng-plugin
(Maven)
May 16, 2023
ONOS vulnerable to Cross-site Scripting
Moderate
CVE-2023-30093
was published
for
org.onosproject:onos-archetypes
(Maven)
May 5, 2023
XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
Moderate
CVE-2023-29515
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints
Moderate
CVE-2023-29506
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-default
(Maven)
Apr 12, 2023
XXL-JOB vulnerable to Cross-site Scripting
Moderate
CVE-2023-26120
was published
for
com.xuxueli:xxl-job
(Maven)
Apr 10, 2023
Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter
Moderate
CVE-2023-29014
was published
for
io.goobi.viewer:viewer-core
(Maven)
Apr 7, 2023
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
Moderate
CVE-2023-29015
was published
for
io.goobi.viewer:viewer-core
(Maven)
Apr 7, 2023
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames
Moderate
CVE-2023-29016
was published
for
io.goobi.viewer:viewer-core
(Maven)
Apr 7, 2023
Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)
Moderate
CVE-2023-28158
was published
for
org.apache.archiva:archiva
(Maven)
Mar 29, 2023
ONOS vulnerable to reflected cross-site scripting
Moderate
CVE-2023-24279
was published
for
org.onosproject:onos-archetypes
(Maven)
Mar 14, 2023
Cross site scripting vulnerability in update-center2
Moderate
CVE-2023-27905
was published
for
org.jenkins-ci:update-center2
(Maven)
Mar 10, 2023
HTML Injection in Keycloak Admin REST API
Moderate
CVE-2022-1274
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 1, 2023
Keycloak vulnerable to Cross-site Scripting
Moderate
CVE-2022-1438
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 1, 2023
Cross-site Scripting in Quarkus
Moderate
CVE-2023-0044
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
Feb 23, 2023
Cross Site Scripting in OpenNMS
Moderate
CVE-2023-0869
was published
for
org.opennms:opennms-web-api
(Maven)
Feb 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Moderate
CVE-2023-0867
was published
for
org.opennms:opennms
(Maven)
Feb 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Moderate
CVE-2023-0868
was published
for
org.opennms:opennms-webapp
(Maven)
Feb 23, 2023
OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting
Moderate
CVE-2023-0846
was published
for
org.opennms:opennms
(Maven)
Feb 22, 2023
ProTip!
Advisories are also available from the
GraphQL API