GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Improper escaping in Apache Zeppelin
Critical
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Moderate
CVE-2023-34036
was published
for
org.springframework.hateoas:spring-hateoas
(Maven)
Jul 17, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Critical
CVE-2023-26472
was published
for
org.xwiki.platform:xwiki-platform-icon-ui
(Maven)
Mar 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service
High
CVE-2022-4137
was published
for
org.keycloak:keycloak-parent
(Maven)
Mar 1, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
Heron allows CRLF log injection
Critical
CVE-2021-42010
was published
for
org.apache.heron:heron-api
(Maven)
Oct 24, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Critical
CVE-2022-36099
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Sep 16, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Critical
CVE-2022-36100
was published
for
org.xwiki.platform.applications:xwiki-application-tag
(Maven)
Sep 16, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Stored XSS vulnerability in Jenkins Git Plugin
Moderate
CVE-2021-21684
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 24, 2022
Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10362
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Command injection in Apache Maven maven-shared-utils
Critical
CVE-2022-29599
was published
for
org.apache.maven.shared:maven-shared-utils
(Maven)
May 24, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin
Moderate
CVE-2022-30966
was published
for
org.jenkins-ci.plugins:random-string-parameter
(Maven)
May 18, 2022
Log value insertion in craftercms
Moderate
CVE-2021-23266
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Improper escaping in XWiki Platform
High
CVE-2020-13654
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Feb 9, 2022
Path traversal in xwiki-platform-skin-skinx
Moderate
CVE-2022-23620
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Feb 9, 2022
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
ProTip!
Advisories are also available from the
GraphQL API