Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28157 was published for org.jenkins-ci.plugins:gitbucket (Maven) Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability High
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin High
CVE-2024-23905 was published for io.jenkins.plugins:redhat-dependency-analytics (Maven) Jan 24, 2024
Cross Site Request Forgery in Silverpeas High
CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Improper Neutralization of Input in Advanced User Interface for Jolt High
CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) Nov 28, 2023
exceptionfactory
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS High
CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) Oct 25, 2023
Stored XSS vulnerability in Jenkins GitHub Plugin High
CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) Oct 25, 2023
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability High
CVE-2023-43499 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Jenkins Cross-site Scripting vulnerability High
CVE-2023-43495 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability High
CVE-2023-40342 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) Aug 16, 2023
Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability High
CVE-2023-40346 was published for io.jenkins.plugins:shortcut-job (Maven) Aug 16, 2023
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability High
CVE-2023-40350 was published for org.jenkins-ci.plugins:docker-swarm (Maven) Aug 16, 2023
Jenkins Stored Cross-site Scripting vulnerability High
CVE-2023-39151 was published for org.jenkins-ci.main:jenkins-core (Maven) Jul 26, 2023
daniel-beck
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email High
CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) Jun 20, 2023
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35145 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) Jun 14, 2023
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35146 was published for org.jenkins.plugin.templateWorkflows:template-workflows (Maven) Jun 14, 2023
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) May 16, 2023
Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability High
CVE-2023-33007 was published for org.jenkins-ci.plugins:loadcomplete (Maven) May 16, 2023
TestComplete support Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 16, 2023
Cross Site Scripting in OpenTSDB High
CVE-2023-25827 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation High
CVE-2022-45064 was published for org.apache.sling:org.apache.sling.engine (Maven) Apr 13, 2023
ProTip! Advisories are also available from the GraphQL API