GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 985
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
3,066 advisories

Jakarta Tomcat cross-site scripting (XSS) vulnerability (Moderate)
CVE-2003-0044 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022

Jakarta Tomcat Denial of Service vulnerability (Moderate)
CVE-2003-0045 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022

Jakarta Tomcat Directory Listing vulnerability (Moderate)
CVE-2003-0042 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022

Reflected XSS on clients-registrations endpoint (Moderate)
GHSA-m98g-63qj-fp8j was published for org.keycloak:keycloak-parent (Maven) Apr 28, 2022

Keycloak is vulnerable to IDN homograph attack (Moderate)
CVE-2021-3424 was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022

Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml (Moderate)
CVE-2022-24898 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 28, 2022

Cross-site Scripting in org.owasp.esapi:esapi (Moderate)
CVE-2022-24891 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022

Improper authorization in Keycloak (Moderate)
CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) Apr 27, 2022

Page Compare Reflected Cross-site Scripting (XSS) vulnerability (Moderate)
CVE-2022-28820 was published for com.adobe.acs:acs-aem-commons (Maven) Apr 26, 2022

Liferay Portal and Liferay DXP allows arbitrary injection via web content template names (Moderate)
CVE-2022-26596 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 26, 2022

Liferay Portal and Liferay DXP allows arbitrary injection via the site name (Moderate)
CVE-2022-26597 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 26, 2022

Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) (Moderate)
CVE-2012-4441 was published for org.jenkins-ci.plugins:ci-game (Maven) Apr 23, 2022

Jenkins Violation Plugin allows Cross-Site Scripting (XSS) (Moderate)
CVE-2012-4440 was published for org.jenkins-ci.plugins:violations (Maven) Apr 23, 2022

Jenkins allows Cross-Site Scripting (XSS) via Crafted URL (Moderate)
CVE-2012-4439 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 23, 2022

Cross-site Scripting in OWASP AntiSamy (Moderate)
CVE-2022-29577 was published for org.owasp.antisamy:antisamy (Maven) Apr 23, 2022

Cross-site Scripting in OWASP AntiSamy (Moderate)
CVE-2022-28367 was published for org.owasp.antisamy:antisamy (Maven) Apr 23, 2022

Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J (Moderate)
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022

Denial of service in Spring Security OAuth2 (Moderate)
CVE-2022-22969 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Apr 22, 2022

Liferay Portal and Liferay DXP fails to check permissions to view sites/groups (Moderate)
CVE-2022-26595 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Apr 20, 2022

Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category (Moderate)
CVE-2022-26593 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 20, 2022

Metrics exposure in Wildfly (Moderate)
CVE-2021-3503 was published for org.wildfly:wildfly-metrics (Maven) Apr 19, 2022

Liferay Portal and Liferay DXP allows arbitrary injection via form field (Moderate)
CVE-2022-26594 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 16, 2022

Cross-site Scripting in Jenkins Credentials Plugin (Moderate)
CVE-2022-29036 was published for org.jenkins-ci.plugins:credentials (Maven) Apr 13, 2022

Stored XSS in Jenkins CVS Plugin (Moderate)
CVE-2022-29037 was published for org.jenkins-ci.plugins:cvs (Maven) Apr 13, 2022

Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin (Moderate)
CVE-2022-29038 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Apr 13, 2022

ProTip! Advisories are also available from the GraphQL API.