GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
513 advisories
Filter by severity
Reflected XSS on clients-registrations endpoint
Moderate
GHSA-m98g-63qj-fp8j
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 28, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
XSS in login form
Moderate
CVE-2019-13235
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
XSS issues in the management interface
Moderate
CVE-2019-13236
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
XSS in search engine
Moderate
CVE-2019-13234
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Stored XSS in Apache Atlas
Moderate
CVE-2019-10070
was published
for
org.apache.atlas:apache-atlas
(Maven)
Jan 8, 2020
Persistent Cross-Site scripting in Nexus Repository Manager
Moderate
CVE-2020-10203
was published
for
org.sonatype.nexus:nexus-core
(Maven)
Apr 14, 2020
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate
CVE-2016-10006
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
Moderate
CVE-2019-0224
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Apr 2, 2019
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
Moderate
CVE-2017-7678
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Moderate severity vulnerability that affects org.b3log:symphony
Moderate
CVE-2019-9142
was published
for
org.b3log:symphony
(Maven)
Mar 6, 2019
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Moderate
CVE-2016-5395
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Cross-site Scripting in jspwiki-war
Moderate
CVE-2018-20242
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Feb 12, 2019
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core
Moderate
CVE-2018-1000529
was published
for
org.grails.plugins:fields
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
Moderate
CVE-2018-20594
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Moderate
CVE-2016-8751
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
JavaScript execution via malicious molfiles (XSS)
Moderate
GHSA-2pwh-52h7-7j84
was published
for
de.ipb-halle:molecularfaces
(Maven)
Apr 16, 2021
XSS in MITREid Connect
Moderate
CVE-2020-5497
was published
for
org.mitre:openid-connect-server
(Maven)
Apr 1, 2020
Cross-site Scripting in Nacos
Moderate
CVE-2021-44667
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Mar 12, 2022
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
Cross-site Scripting in Keycloak
Moderate
CVE-2021-20323
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 26, 2022
Cross-site Scripting in Jenkins SiteMonitor Plugin
Moderate
CVE-2022-28153
was published
for
org.jvnet.hudson.plugins:sitemonitor
(Maven)
Mar 30, 2022
Cross site scripting in Shopizer
Moderate
CVE-2022-23059
was published
for
com.shopizer:shopizer
(Maven)
Mar 30, 2022
Cross-site Scripting in Jenkins Credentials Plugin
Moderate
CVE-2022-29036
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Apr 13, 2022
ProTip!
Advisories are also available from the
GraphQL API