GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
406 advisories
Filter by severity
Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability
High
CVE-2023-40346
was published
for
io.jenkins.plugins:shortcut-job
(Maven)
Aug 16, 2023
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
High
CVE-2023-40350
was published
for
org.jenkins-ci.plugins:docker-swarm
(Maven)
Aug 16, 2023
Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability
High
CVE-2023-40342
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Aug 16, 2023
LibreNMS Cross-site Scripting vulnerability
High
CVE-2023-4347
was published
for
librenms/librenms
(Composer)
Aug 15, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4321
was published
for
cockpit-hq/cockpit
(Composer)
Aug 14, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory
High
GHSA-r3hf-q8q7-fv2p
was published
for
@nguniversal/common
(npm)
Aug 9, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4196
was published
for
cockpit-hq/cockpit
(Composer)
Aug 6, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
High
CVE-2023-4007
was published
for
thorsten/phpmyfaq
(Composer)
Jul 31, 2023
Jenkins Stored Cross-site Scripting vulnerability
High
CVE-2023-39151
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jul 26, 2023
webmention.js Cross-site Scripting vulnerability
High
CVE-2023-3672
was published
for
webmention.js
(npm)
Jul 14, 2023
Decidim Cross-site Scripting vulnerability in the processes filter
High
CVE-2023-34089
was published
for
decidim
(RubyGems)
Jul 11, 2023
TeamPass Cross-site Scripting vulnerability
High
CVE-2023-3531
was published
for
nilsteampassnet/teampass
(Composer)
Jul 6, 2023
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
High
CVE-2023-36809
was published
for
kiwitcms
(pip)
Jul 5, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High
CVE-2023-35157
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
High
CVE-2023-35155
was published
for
org.xwiki.platform:xwiki-platform-sharepage-api
(Maven)
Jun 20, 2023
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting
High
CVE-2023-35145
was published
for
org.jenkins-ci.plugins:sonargraph-integration
(Maven)
Jun 14, 2023
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
High
CVE-2023-35146
was published
for
org.jenkins.plugin.templateWorkflows:template-workflows
(Maven)
Jun 14, 2023
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
High
CVE-2023-34245
was published
for
@udecode/plate-link
(npm)
Jun 9, 2023
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
High
CVE-2023-33977
was published
for
kiwitcms
(pip)
Jun 6, 2023
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
TeamPass vulnerable to stored Cross-site Scripting
High
CVE-2023-3084
was published
for
nilsteampassnet/teampass
(Composer)
Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting
High
CVE-2023-3083
was published
for
nilsteampassnet/teampass
(Composer)
Jun 3, 2023
TestComplete support Plugin vulnerable to stored Cross-site Scripting
High
CVE-2023-33002
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
May 16, 2023
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
High
CVE-2023-32977
was published
for
org.jenkins-ci.plugins.workflow:workflow-job
(Maven)
May 16, 2023
ProTip!
Advisories are also available from the
GraphQL API