GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
406 advisories
Filter by severity
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
High
CVE-2022-43420
was published
for
org.jenkins-ci.plugins:contrast-continuous-application-security
(Maven)
Oct 19, 2022
Moodle Stored Cross-site Scripting and page denial of service
High
CVE-2022-40313
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
High
GHSA-f36p-42jv-8rh2
was published
for
com.wire.bots:lithium
(Maven)
Sep 30, 2022
Stored XSS vulnerability in Jenkins DotCi Plugin
High
CVE-2022-41239
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting
High
CVE-2022-41229
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
High
CVE-2022-41225
was published
for
org.jenkins-ci.plugins:anchore-container-scanner
(Maven)
Sep 22, 2022
Stored XSS vulnerability in Jenkins Walti plugin
High
CVE-2022-41240
was published
for
org.jenkins-ci.plugins:walti
(Maven)
Sep 22, 2022
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
High
CVE-2022-41224
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 22, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High
CVE-2022-36096
was published
for
org.xwiki.platform:xwiki-platform-index-ui
(Maven)
Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High
CVE-2022-36097
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High
CVE-2022-36094
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Cross-site scripting from content entered in the tags and multiselect fields
High
GHSA-rv3r-vqjj-8c76
was published
for
getkirby/cms
(Composer)
Aug 30, 2022
Incorrect Access Control and Cross Site Scripting in Jellyfin
High
CVE-2022-35909
was published
for
Jellyfin.Common
(NuGet)
Aug 20, 2022
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
High
CVE-2022-31192
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
High
CVE-2022-31191
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
High
CVE-2022-36922
was published
for
org.jenkins-ci.plugins:lucene-search
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
High
CVE-2022-36902
was published
for
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
High
CVE-2022-36905
was published
for
eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin
(Maven)
Jul 28, 2022
Cross-site Scripting in Jenkins Plot Plugin
High
CVE-2022-34783
was published
for
org.jenkins-ci.plugins:plot
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins GitLab Plugin
High
CVE-2022-34777
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Jul 1, 2022
Jenkins Project Inheritance Plugin vulnerable to cross site scripting
High
CVE-2022-34787
was published
for
hudson.plugins:project-inheritance
(Maven)
Jul 1, 2022
Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS
High
CVE-2022-34788
was published
for
net.praqma:matrix-reloaded
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins TestNG Results Plugin
High
CVE-2022-34778
was published
for
org.jenkins-ci.plugins:testng-plugin
(Maven)
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API