Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare Moderate
CVE-2026-40105 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 14, 2026
mikecole-mg Credited to mikecole-mg
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages Moderate
CVE-2026-24128 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jan 23, 2026
mikecole-mg Credited to mikecole-mg
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr Credited to 4rdr
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd Credited to oscerd
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Moderate
CVE-2024-46910 was published for org.apache.atlas:apache-atlas (Maven) Feb 13, 2025
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution Critical
CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jul 31, 2024
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak Credited to renniepak
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
jxn0 Credited to jxn0
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form High
CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history High
CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
HTML Injection in ActiveMQ Artemis Web Console Moderate
CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
Apache Tomcat's CookieExample Vulnerable to XSS Moderate
CVE-2007-3384 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat SendMailServlet XSS Moderate
CVE-2007-3383 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat XSS Vulnerability Moderate
CVE-2006-7195 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Struts Cross-site scripting Vulnerability Moderate
CVE-2005-3745 was published for org.apache.struts:struts-core (Maven) May 1, 2022
Jetty Javascript Inclusion Vulnerability Moderate
CVE-2002-1533 was published for org.mortbay.jetty:jetty (Maven) Apr 30, 2022
Apache Tomcat allows webmasters to insert xss into error messages Moderate
CVE-2001-0829 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Stored cross-site scripting in Grid component in Vaadin 7 and 8 Moderate
CVE-2019-25028 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database