GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Critical
CVE-2023-46732
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Nov 8, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High
CVE-2023-35157
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High
CVE-2023-29508
was published
for
org.xwiki.platform:xwiki-platform-livedata-macro
(Maven)
Apr 12, 2023
HTML Injection in Keycloak Admin REST API
Moderate
CVE-2022-1274
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 1, 2023
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Moderate
GHSA-755v-r4x4-qf7m
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 29, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High
CVE-2022-36096
was published
for
org.xwiki.platform:xwiki-platform-index-ui
(Maven)
Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High
CVE-2022-36097
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High
CVE-2022-36094
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
HTML Injection in ActiveMQ Artemis Web Console
Moderate
CVE-2022-35278
was published
for
org.apache.activemq:artemis-server
(Maven)
Aug 24, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Apache Tomcat's CookieExample Vulnerable to XSS
Moderate
CVE-2007-3384
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat SendMailServlet XSS
Moderate
CVE-2007-3383
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat XSS Vulnerability
Moderate
CVE-2006-7195
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Struts Cross-site scripting Vulnerability
Moderate
CVE-2005-3745
was published
for
org.apache.struts:struts-core
(Maven)
May 1, 2022
Jetty Javascript Inclusion Vulnerability
Moderate
CVE-2002-1533
was published
for
org.mortbay.jetty:jetty
(Maven)
Apr 30, 2022
Apache Tomcat allows webmasters to insert xss into error messages
Moderate
CVE-2001-0829
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Stored cross-site scripting in Grid component in Vaadin 7 and 8
Moderate
CVE-2019-25028
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API