GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
406 advisories

Kiwi TCMS Stored Cross-site Scripting via SVG file (High)
CVE-2023-27489 was published for kiwitcms (pip) on Mar 30, 2023

smarty Cross-site Scripting vulnerability in Javascript escaping (High)
CVE-2023-28447 was published for smarty/smarty (Composer) on Mar 29, 2023

Cross-site Scripting vulnerability in Jenkins (High)
CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) on Mar 10, 2023

directus vulnerable to HTML Injection in Password Reset email to custom Reset URL (High)
CVE-2023-27474 was published for directus (npm) on Mar 7, 2023

XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data (High)
CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) on Mar 3, 2023

Keycloak Cross-site Scripting on OpenID connect login service (High)
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) on Mar 1, 2023

TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering (High)
CVE-2023-24814 was published for typo3/cms (Composer) on Feb 8, 2023

gatsby-transformer-remark has possible unsanitized JavaScript code injection (High)
CVE-2023-22491 was published for gatsby-transformer-remark (npm) on Jan 11, 2023

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS) (High)
CVE-2023-22461 was published for @mattkrick/sanitize-svg (npm) on Jan 5, 2023

Gravitee API Management contains Path Traversal (High)
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) on Jan 4, 2023

Stored XSS vulnerability in Jenkins Checkmarx Plugin (High)
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) on Dec 12, 2022

Cross-site Scripting in Jenkins Spring Config Plugin (High)
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) on Dec 12, 2022

Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting (High)
CVE-2022-46686 was published for io.jenkins.plugins:custom-build-properties (Maven) on Dec 12, 2022

XBlock vulnerable to Cross-Site Scripting (XSS) (High)
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) on Dec 2, 2022

Cross-site Scripting in Apache Hama (High)
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) on Nov 21, 2022

Cross-site Scripting in librenms/librenms (High)
CVE-2022-4068 was published for librenms/librenms (Composer) on Nov 20, 2022

Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS) (High)
CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) on Nov 16, 2022

Jenkins BART Plugin vulnerable to cross-site scripting (XSS) (High)
CVE-2022-45387 was published for org.jenkins-ci.plugins:bart (Maven) on Nov 16, 2022

Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion (High)
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) on Nov 16, 2022

Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled (High)
CVE-2022-41905 was published for wsgidav (pip) on Nov 16, 2022

phpMyFAQ vulnerable to Cross-site Scripting (High)
CVE-2022-3608 was published for phpmyfaq/phpmyfaq (Composer) on Oct 19, 2022

Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin (High)
CVE-2022-43425 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) on Oct 19, 2022

ProTip! Advisories are also available from the GraphQL API.