Browse Security Advisories
Security Advisories for https://github.com/jquery/jquery Clear Filters
Moderate
about 4 years ago
jQuery vulnerable to Cross-Site Scripting (XSS)
nuget, npm
jQuery, jquery
Moderate
almost 6 years ago
Cross-Site Scripting in jquery
nuget, maven, npm
jQuery, org.webjars.npm:jquery, jquery
Moderate
about 6 years ago
Potential XSS vulnerability in jQuery
maven, nuget, rubygems
org.webjars.npm:jquery, jQuery, jquery-rails
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec...
cpan
Zabbix-Reporter
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble...
cpan
Zabbix-Reporter
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble...
cpan
Plack-Debugger
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec...
cpan
Plack-Debugger
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec...
cpan
Zonemaster-GUI
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble...
cpan
App-Netdisco
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec...
cpan
App-Netdisco
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble...
cpan
Ukigumo-Server
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec...
cpan
Ukigumo-Server
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble...
cpan
Resource-Pack-jQuery
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec...
cpan
Resource-Pack-jQuery
Moderate
about 6 years ago
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble...
cpan
Zonemaster-GUI
Moderate
about 7 years ago
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
nuget, npm, pypi, rubygems
jQuery, jquery, django, jquery-rails
Moderate
about 7 years ago
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat...
cpan
Zabbix-Reporter
Moderate
about 7 years ago
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat...
cpan
Plack-Debugger
Moderate
about 7 years ago
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat...
cpan
Zonemaster-GUI
Moderate
about 7 years ago
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat...
cpan
App-Netdisco
Moderate
about 7 years ago
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat...
cpan
Ukigumo-Server
Moderate
about 7 years ago
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat...
cpan
Resource-Pack-jQuery
Moderate
over 8 years ago
Cross-Site Scripting (XSS) in jquery
maven, rubygems, npm, nuget
org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Moderate
over 8 years ago
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
cpan
Resource-Pack-jQuery
Moderate
over 8 years ago
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for...
cpan
Plack-Debugger
Moderate
over 8 years ago
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for...
cpan
Zabbix-Reporter
Moderate
over 8 years ago
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for...
cpan
Ukigumo-Server
Moderate
over 8 years ago
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for...
cpan
Resource-Pack-jQuery
Moderate
over 8 years ago
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for...
cpan
Zonemaster-GUI
Moderate
over 8 years ago
jquery-ui Tooltip widget vulnerable to XSS
nuget, maven, rubygems, npm
jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
7,690
npm
6,781
packagist
6,589
pypi
6,337
go
4,699
nuget
3,726
cargo
1,566
rubygems
1,048
cpan
889
hex
141
actions
56
swift
51
pub
10
Filter by Package
openclaw
551
moodle/moodle
437
tensorflow
433
tensorflow-cpu
402
tensorflow-gpu
389
magento/community-edition
360
org.jenkins-ci.main:jenkins-core
252
Microsoft.ChakraCore
247
github.com/mattermost/mattermost/server/v8
195
typo3/cms
168
github.com/mattermost/mattermost-server
168
com.liferay.portal:release.portal.bom
151
org.apache.tomcat:tomcat
150
wwbn/avideo
144
pimcore/pimcore
132
Magick.NET-Q16-HDRI-AnyCPU
127
Magick.NET-Q16-AnyCPU
127
com.liferay.portal:release.dxp.bom
125
dolibarr/dolibarr
124
Magick.NET-Q16-HDRI-OpenMP-arm64
121
typo3/cms-core
121
Magick.NET-Q16-HDRI-x86
120
magento/project-community-edition
120
Magick.NET-Q16-HDRI-arm64
119
Magick.NET-Q16-HDRI-x64
118
concrete5/concrete5
116
parse-server
116
Magick.NET-Q16-OpenMP-arm64
114
Magick.NET-Q16-OpenMP-x64
112
Magick.NET-Q16-arm64
111
apache-airflow
111
Magick.NET-Q16-x86
111
Magick.NET-Q8-AnyCPU
110
Magick.NET-Q8-arm64
107
Magick.NET-Q8-OpenMP-arm64
107
Django
107
open-webui
107
phpmyadmin/phpmyadmin
107
drupal/core
107
microweber/microweber
105
Magick.NET-Q8-OpenMP-x64
105
Magick.NET-Q8-x86
105
Magick.NET-Q16-x64
105
thorsten/phpmyfaq
104
craftcms/cms
103
Magick.NET-Q8-x64
102
librenms/librenms
100
n8n
100
symfony/symfony
91
silverstripe/framework
90
Magick.NET-Q16-HDRI-OpenMP-x64
87
flowise
86
org.keycloak:keycloak-services
84
com.fasterxml.jackson.core:jackson-databind
77
github.com/usememos/memos
75
gogs.io/gogs
75
mlflow
74
shopware/platform
74
drupal/drupal
72
getgrav/grav
69
salt
67
apache-superset
66
mantisbt/mantisbt
65
ansible
65
shopware/core
64
github.com/grafana/grafana
62
Magick.NET-Q16-OpenMP-x86
61
picklescan
59
actionpack
59
github.com/rancher/rancher
58
org.apache.tomcat.embed:tomcat-embed-core
58
org.apache.struts:struts2-core
58
snipe/snipe-it
57
baserproject/basercms
56
nokogiri
56
directus
56
next
55
nocodb
54
Plone
54
vllm
53
froxlor/froxlor
53
github.com/hashicorp/vault
52
github.com/siyuan-note/siyuan/kernel
51
org.keycloak:keycloak-core
50
rack
50
mautic/core
50
nova
49
admidio/admidio
49
django
48
gradio
47
electron
47
getkirby/cms
47
pyload-ng
46
perl
46
matrix-synapse
45
org.xwiki.platform:xwiki-platform-oldcore
45
vyper
44
coreutils
44
aiohttp
44
org.elasticsearch:elasticsearch
44
vm2
43
github.com/traefik/traefik/v2
43
rdiffweb
43
k8s.io/kubernetes
42
showdoc/showdoc
42
code.gitea.io/gitea
42
nilsteampassnet/teampass
42
DBD-SQLite
42
github.com/mattermost/mattermost-server/v6
41
intelliants/subrion
41
plone
41
org.apache.tomcat:tomcat-catalina
40
hono
40
phpmyfaq/phpmyfaq
40
github.com/traefik/traefik/v3
40
praisonai
39
io.undertow:undertow-core
39
wasmtime
39
net.mingsoft:ms-mcms
39
github.com/zitadel/zitadel
38
MT
37
com.thoughtworks.xstream:xstream
37
PraisonAI
37
github.com/argoproj/argo-cd/v2
37
ci4-cms-erp/ci4ms
36
com.jfinal:jfinal
36
deno
36
DotNetNuke.Core
36
github.com/cilium/cilium
35
keystone
35
moin
35
github.com/hashicorp/nomad
34
pillow
34
org.jenkins-ci.plugins:script-security
34
github.com/filebrowser/filebrowser/v2
34
github.com/answerdev/answer
34
shopware/shopware
34
code.vikunja.io/api
33
axios
33
github.com/docker/docker
33
praisonaiagents
33
zendframework/zendframework1
32
pypdf
32
langflow
32
statamic/cms
32
github.com/hashicorp/consul
32
github.com/argoproj/argo-cd
31
opencv-contrib-python
31
surrealdb
31
contao/core-bundle
31
opencv-python
31
prestashop/prestashop
31
org.opencms:opencms-core
31
undici
30
org.springframework.security:spring-security-core
30
pocketmine/pocketmine-mp
30
github.com/openbao/openbao
29
org.apache.solr:solr-core
29
Pillow
28
phpoffice/phpspreadsheet
28
mediawiki/core
28
centreon/centreon
27
@anthropic-ai/claude-code
27
github.com/nats-io/nats-server/v2
27
github.com/fleetdm/fleet/v4
26
org.eclipse.jetty:jetty-server
26
github.com/ethereum/go-ethereum
26
pgadmin4
26
dompurify
26
cockpit-hq/cockpit
26
org.keycloak:keycloak-parent
26
github.com/openfga/openfga
26
funadmin/funadmin
26
openmage/magento-lts
26
openssl-src
25
litellm
25
org.apache.openmeetings:openmeetings-parent
25
rubygems-update
25
grumpydictator/firefly-iii
25
laravel/framework
25
ghost
24
magento/core
24
github.com/traefik/traefik
24
github.com/goharbor/harbor
23
remdex/livehelperchat
23
puppet
23
typo3/cms-backend
23
activerecord
23
org.xwiki.platform:xwiki-platform-web-templates
23
simplesamlphp/simplesamlphp
22
Microsoft.AspNetCore.App.Runtime.win-x64
22
org.bouncycastle:bcprov-jdk15on
22
glance
22
vite
22
org.apache.tomcat:tomcat-coyote
22
weblate
22
ethyca-fides
22
tribalsystems/zenario
22
october/system
22
zendframework/zendframework
22
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/jquery/jquery
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
93
https://github.com/keycloak/keycloak
90
https://github.com/microweber/microweber
90
https://github.com/librenms/librenms
77
https://github.com/FasterXML/jackson-databind
70
https://github.com/rails/rails
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/usememos/memos
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/mattermost/mattermost
59
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/grafana/grafana
47
https://github.com/apache/struts
47
https://github.com/rancher/rancher
46
https://github.com/mautic/mautic
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/vyperlang/vyper
44
https://github.com/mantisbt/mantisbt
42
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/shopware/platform
42
https://github.com/directus/directus
41
https://github.com/craftcms/cms
41
https://github.com/shopware/shopware
40
https://github.com/mmaitre314/picklescan
39
https://github.com/star7th/showdoc
39
https://github.com/gradio-app/gradio
38
https://github.com/openstack/nova
38
https://github.com/magento/magento2
38
https://github.com/dotnet/runtime
38
https://github.com/x-stream/xstream
37
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/octobercms/october
36
https://github.com/sparklemotion/nokogiri
35
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/apache/activemq
34
https://github.com/answerdev/answer
34
https://github.com/parse-community/parse-server
34
https://github.com/matrix-org/synapse
32
https://github.com/opencv/opencv
32
https://github.com/go-gitea/gitea
32
https://github.com/cilium/cilium
31
https://github.com/PaddlePaddle/Paddle
31
https://github.com/apache/inlong
31
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/rack/rack
29
https://github.com/CVEProject/cvelist
28
https://github.com/FlowiseAI/Flowise
28
https://github.com/gogs/gogs
28
https://github.com/strapi/strapi
28
https://github.com/electron/electron
28
https://github.com/openstack/keystone
28
https://github.com/netty/netty
27
https://github.com/apache/nifi
26
https://github.com/geoserver/geoserver
26
https://github.com/froxlor/froxlor
26
https://github.com/zitadel/zitadel
26
https://github.com/baserproject/basercms
26
https://github.com/github/advisory-database
26
https://github.com/traefik/traefik
25
https://github.com/langchain-ai/langchain
25
https://github.com/denoland/deno
25
https://github.com/vllm-project/vllm
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/bcgit/bc-java
25
https://github.com/vercel/next.js
25
https://github.com/surrealdb/surrealdb
25
https://github.com/pyload/pyload
24
https://github.com/hashicorp/consul
24
https://github.com/apache/cxf
24
https://github.com/getgrav/grav
24
https://github.com/run-llama/llama_index
24
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/moby/moby
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/eclipse/jetty.project
23
https://github.com/bytecodealliance/wasmtime
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/erlang/otp
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/Perl/perl5
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/getkirby/kirby
22
https://github.com/nervosnetwork/ckb
22
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/helm/helm
22
https://github.com/laravel/framework
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/undertow-io/undertow
21
https://github.com/goharbor/harbor
21
https://github.com/hashicorp/vault
21
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/OpenNMS/opennms
20
https://github.com/funadmin/funadmin
20
https://github.com/ethyca/fides
20
https://github.com/opencast/opencast
20
https://github.com/cloudfoundry/uaa
19
https://github.com/backstage/backstage
19
https://github.com/TYPO3-CMS/core
19
https://github.com/alkacon/opencms-core
19
https://github.com/containerd/containerd
19
https://github.com/huggingface/transformers
19
https://github.com/intelliants/subrion
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/opencontainers/runc
18
https://github.com/vaadin/platform
18
https://github.com/rubygems/rubygems
18
https://github.com/apache/camel
18
https://github.com/OpenMage/magento-lts
18
https://github.com/mindsdb/mindsdb
17
https://github.com/ethereum/go-ethereum
17
https://github.com/vantage6/vantage6
17
https://github.com/openfga/openfga
17
https://github.com/liufee/cms
17
https://github.com/apache/kylin
17
https://github.com/quarkusio/quarkus
16
https://github.com/sequelize/sequelize
16
https://github.com/etcd-io/etcd
16
https://github.com/rusqlite/rusqlite
16
https://github.com/pyca/cryptography
16
https://github.com/vitejs/vite
16
https://github.com/tinymce/tinymce
16
https://github.com/dotnet/aspnetcore
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/forkcms/forkcms
16
https://github.com/twbs/bootstrap
16
https://github.com/hashicorp/nomad
16
https://github.com/sqlite/sqlite
15
https://github.com/xuxueli/xxl-job
15
https://github.com/containers/podman
15
https://github.com/zendframework/zendframework
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/aio-libs/aiohttp
15
https://github.com/puppetlabs/puppet
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/dompdf/dompdf
15
https://github.com/spring-projects/spring-security
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/decidim/decidim
15
https://github.com/cobbler/cobbler
15
https://github.com/nodejs/undici
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/centreon/centreon
15
https://github.com/drupal/core
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/apache/zeppelin
14
https://github.com/publify/publify
14
https://github.com/ming-soft/MCMS
14
https://github.com/apache/superset
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/urllib3/urllib3
14
https://github.com/TryGhost/Ghost
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/janeczku/calibre-web
14
https://github.com/golang/go
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/twisted/twisted
14
https://github.com/OctoPrint/OctoPrint
13
https://github.com/dromara/hutool
13
https://github.com/OpenRefine/OpenRefine
13
https://sourceforge.net/projects/sourceforge.net
13
https://github.com/h2oai/h2o-3
13
https://github.com/zenml-io/zenml
13
https://github.com/modoboa/modoboa
13
https://github.com/laurent22/joplin
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/apache/dolphinscheduler
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/openbao/openbao
13
https://github.com/mojolicious/mojo
12
https://github.com/DSpace/DSpace
12