Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page Low
CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) Oct 23, 2025
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names Low
CVE-2025-11966 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Xuxueli XXL-SSO Cross-site Scripting vulnerability Low
CVE-2025-6700 was published for com.xuxueli:xxl-sso (Maven) Jun 26, 2025
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
Alkacon OpenCMS XSS via New User module Low
CVE-2019-11818 was published for org.opencms:opencms-core (Maven) May 24, 2022
Alkacon OpenCMS XSS via title and requestedResource parameters Low
CVE-2013-4600 was published for org.opencms:opencms-core (Maven) May 17, 2022
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters Low
CVE-2015-2351 was published for org.opencms:opencms-core (Maven) May 14, 2022
Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp Low
CVE-2008-1753 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter Low
CVE-2008-1510 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon Open CMS XSS via Logfile Viewer Settings function Low
CVE-2008-1300 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp Low
CVE-2008-1045 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCms XSS via query parameter in a search action Low
CVE-2006-2571 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCms XSS via unsanitized message body Low
CVE-2006-3933 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCms XSS via username during login Low
CVE-2005-4294 was published for org.opencms:opencms-core (Maven) May 1, 2022
OpenCMS Cross-Site Scripting vulnerability Low
CVE-2024-42699 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2011-4344 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2015-1813 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) in User Configuration Low
CVE-2013-5573 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS) Low
CVE-2013-6374 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-6074 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2015-5326 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-0325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 4, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-0324 was published for org.jenkins-ci.main:jenkins-core (Maven) May 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database