Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability High
CVE-2024-54003 was published for io.jenkins.plugins:simple-queue (Maven) Nov 27, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin High
CVE-2024-52552 was published for org.jenkins-ci.plugins:authorize-project (Maven) Nov 13, 2024
powertac-server XML External Entity vulnerability High
CVE-2024-51135 was published for org.powertac:server-interface (Maven) Nov 11, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) High
CVE-2024-47878 was published for org.openrefine:extensions (Maven) Oct 24, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
Apache Syncope Improper Input Validation vulnerability High
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability High
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28157 was published for org.jenkins-ci.plugins:gitbucket (Maven) Mar 6, 2024
Jenkins HTML Publisher Plugin Stored XSS vulnerability High
CVE-2024-28150 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Mar 6, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin High
CVE-2024-23905 was published for io.jenkins.plugins:redhat-dependency-analytics (Maven) Jan 24, 2024
Cross Site Request Forgery in Silverpeas High
CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Improper Neutralization of Input in Advanced User Interface for Jolt High
CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) Nov 28, 2023
exceptionfactory
Stored XSS vulnerability in Jenkins GitHub Plugin High
CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) Oct 25, 2023
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS High
CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) Oct 25, 2023
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability High
CVE-2023-43499 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Jenkins Cross-site Scripting vulnerability High
CVE-2023-43495 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability High
CVE-2023-40342 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) Aug 16, 2023
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability High
CVE-2023-40350 was published for org.jenkins-ci.plugins:docker-swarm (Maven) Aug 16, 2023
Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability High
CVE-2023-40346 was published for io.jenkins.plugins:shortcut-job (Maven) Aug 16, 2023
Jenkins Stored Cross-site Scripting vulnerability High
CVE-2023-39151 was published for org.jenkins-ci.main:jenkins-core (Maven) Jul 26, 2023
daniel-beck
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email High
CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) Jun 20, 2023
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35145 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) Jun 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database