GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Critical
CVE-2023-35161
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Critical
CVE-2023-35160
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
Critical
CVE-2023-35159
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
Critical
CVE-2023-35156
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template
Critical
CVE-2023-35162
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Critical
CVE-2023-34464
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jun 20, 2023
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Critical
CVE-2023-32070
was published
for
org.xwiki.platform:xwiki-core-rendering-api
(Maven)
May 11, 2023
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-31126
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
May 9, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-29528
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins
Critical
CVE-2023-29206
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Critical
CVE-2023-29205
was published
for
org.xwiki.platform:xwiki-platform-rendering-xwiki
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Critical
CVE-2023-29202
was published
for
org.xwiki.platform:xwiki-core-rendering-macro-rss
(Maven)
Apr 12, 2023
org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
Critical
CVE-2023-29201
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 12, 2023
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical
CVE-2022-36098
was published
for
org.xwiki.platform:xwiki-platform-mentions-ui
(Maven)
Sep 16, 2022
Java Melody vulnerable to cross-site scripting
Critical
CVE-2016-1000273
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Jul 20, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
Cross-site Scripting in com.erudika:para-core
Critical
CVE-2022-1782
was published
for
com.erudika:para-core
(Maven)
May 19, 2022
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
XSS Cross Site Scripting
Critical
CVE-2021-29459
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 22, 2021
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
ProTip!
Advisories are also available from the
GraphQL API