Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API Critical
CVE-2023-37277 was published for com.xpn.xwiki.platform:xwiki-core-rest-server (Maven) Jul 10, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability Critical
CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) Apr 12, 2023
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery Critical
CVE-2023-22457 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) Jan 6, 2023
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
Cloud Foundry vulnerable to Cross-Site Request Forgery Critical
CVE-2016-6637 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
ProTip! Advisories are also available from the GraphQL API