GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
723 advisories
Filter by severity
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS
Moderate
CVE-2012-6662
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-site Scripting in jquery-ui
Moderate
CVE-2010-5312
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Moderate severity vulnerability that affects apache axis
Moderate
CVE-2018-8032
was published
for
axis:axis
(Maven)
Oct 16, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Moderate
CVE-2016-5395
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Moderate
CVE-2016-8751
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate
CVE-2016-10006
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
OWASP AntiSamy Cross-site Scripting vulnerability
Moderate
CVE-2017-14735
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core
Moderate
CVE-2018-1000529
was published
for
org.grails.plugins:fields
(Maven)
Oct 19, 2018
Apache ActiveMQ web console vulnerable to Cross-site Scripting
Moderate
CVE-2018-8006
was published
for
org.apache.activemq:activemq-web-console
(Maven)
Oct 30, 2018
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
Moderate
CVE-2017-7678
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Cross site scripting in org.apache.nifi:nifi
Moderate
CVE-2018-17193
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
Moderate
CVE-2018-20594
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Cross-site Scripting in jspwiki-war
Moderate
CVE-2018-20242
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Feb 12, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Moderate severity vulnerability that affects org.b3log:symphony
Moderate
CVE-2019-9142
was published
for
org.b3log:symphony
(Maven)
Mar 6, 2019
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
Moderate
CVE-2019-0224
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Apr 2, 2019
Cross-site Scripting in Eclipse Jetty
Moderate
CVE-2019-10241
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Cross-site Scripting in Apache Zeppelin
Moderate
CVE-2018-1328
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
ProTip!
Advisories are also available from the
GraphQL API