Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
Reflected Cross-site Scripting in ACS Commons High
CVE-2021-21028 was published for com.adobe.acs:acs-aem-commons (Maven) Feb 2, 2021
Code injection in keycloak High
CVE-2021-20222 was published for org.keycloak:keycloak-parent (Maven) May 13, 2021
Cross-Site Scripting High
CVE-2021-20293 was published for org.jboss.resteasy:resteasy-bom (Maven) Jun 15, 2021
Cross site scripting in registration template in xwiki-platform High
CVE-2022-23622 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Feb 9, 2022
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin High
CVE-2022-25191 was published for io.jenkins.plugins:agent-server-parameter (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin High
CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin High
CVE-2022-27202 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin High
CVE-2022-28149 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin High
CVE-2022-28145 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin High
CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin High
CVE-2022-29039 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Apr 13, 2022
NotMyFault
Improper Neutralization of Input During Web Page Generation in Apache Tomcat High
CVE-2015-5346 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Cross-site Scripting in Jenkins Rundeck Plugin High
CVE-2022-30956 was published for org.jenkins-ci.plugins:rundeck (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin High
CVE-2022-30962 was published for org.jenkins-ci.plugins:global-variable-string-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins JDK Parameter Plugin High
CVE-2022-30963 was published for org.jenkins-ci.plugins:JDK_Parameter_Plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins vboxwrapper Plugin High
CVE-2022-30968 was published for org.jenkins-ci.plugins:vboxwrapper (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30961 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Application Detector Plugin High
CVE-2022-30960 was published for org.jenkins-ci.plugins:app-detector (Maven) May 18, 2022
NotMyFault
Cross site scripting in Jenkins Selection tasks Plugin High
CVE-2022-30967 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 18, 2022
NotMyFault
Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types High
CVE-2022-30965 was published for org.jenkins-ci.plugins:promoted-builds-simple (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Multiselect parameter Plugin High
CVE-2022-30964 was published for io.jenkins.plugins:multiselect-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30970 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API