Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

671 advisories

Loading
Reflected XSS on clients-registrations endpoint Moderate
GHSA-m98g-63qj-fp8j was published for org.keycloak:keycloak-parent (Maven) Apr 28, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles Moderate
CVE-2022-2256 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
Cross-Site Scripting in JSPWiki Moderate
CVE-2019-10076 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
XSS in login form Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
Persistent Cross-Site scripting in Nexus Repository Manager Moderate
CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main Moderate
CVE-2019-0224 was published for org.apache.jspwiki:jspwiki-main (Maven) Apr 2, 2019
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Moderate
CVE-2017-7678 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Moderate severity vulnerability that affects org.b3log:symphony Moderate
CVE-2019-9142 was published for org.b3log:symphony (Maven) Mar 6, 2019
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Moderate
CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Cross-site Scripting in jspwiki-war Moderate
CVE-2018-20242 was published for org.apache.jspwiki:jspwiki-war (Maven) Feb 12, 2019
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons Moderate
CVE-2018-20594 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies Moderate
CVE-2016-8751 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
JavaScript execution via malicious molfiles (XSS) Moderate
GHSA-2pwh-52h7-7j84 was published for de.ipb-halle:molecularfaces (Maven) Apr 16, 2021
XSS in MITREid Connect Moderate
CVE-2020-5497 was published for org.mitre:openid-connect-server (Maven) Apr 1, 2020
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Cross-site Scripting in Keycloak Moderate
CVE-2021-20323 was published for org.keycloak:keycloak-core (Maven) Mar 26, 2022
Cross-site Scripting in Jenkins SiteMonitor Plugin Moderate
CVE-2022-28153 was published for org.jvnet.hudson.plugins:sitemonitor (Maven) Mar 30, 2022
Cross site scripting in Shopizer Moderate
CVE-2022-23059 was published for com.shopizer:shopizer (Maven) Mar 30, 2022
Stored XSS in Jenkins CVS Plugin Moderate
CVE-2022-29037 was published for org.jenkins-ci.plugins:cvs (Maven) Apr 13, 2022
westonsteimel
Credited to westonsteimel
Cross-site Scripting in Jenkins Credentials Plugin Moderate
CVE-2022-29036 was published for org.jenkins-ci.plugins:credentials (Maven) Apr 13, 2022
Cross-site Scripting in OWASP AntiSamy Moderate
CVE-2022-28367 was published for org.owasp.antisamy:antisamy (Maven) Apr 23, 2022
Improper Neutralization of Input During Web Page Generation in Apache Hadoop Moderate
CVE-2017-3161 was published for org.apache.hadoop:hadoop-client (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database