GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
996 advisories
Filter by severity
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
Vulnerability that affects org.apache.pdfbox:pdfbox
Critical
CVE-2019-0228
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jul 5, 2019
Improper Restriction of XML External Entity Reference in DiffPlug Spotless
High
CVE-2019-9843
was published
for
com.diffplug.spotless:spotless-maven-plugin
(Maven)
Jul 5, 2019
XML External Entity injection in Apache Camel
High
CVE-2019-0188
was published
for
org.apache.camel:camel-core
(Maven)
May 29, 2019
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate
CVE-2019-9658
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Mar 14, 2019
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Low
CVE-2019-3774
was published
for
org.springframework.batch:spring-batch-core
(Maven)
Jan 25, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
Critical
CVE-2019-3773
was published
for
org.springframework.ws:spring-ws
(Maven)
Jan 25, 2019
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Low
CVE-2019-3772
was published
for
org.springframework.integration:spring-integration-ws
(Maven)
Jan 25, 2019
XML External Entity Reference in Apache Karaf
Critical
CVE-2018-11788
was published
for
org.apache.karaf.specs:org.apache.karaf.specs.java.xml
(Maven)
Jan 7, 2019
XML External Entity Reference in mchange:c3p0
Critical
CVE-2018-20433
was published
for
com.mchange:c3p0
(Maven)
Jan 7, 2019
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity (XXE) vulnerability in Square Retrofit
Critical
CVE-2018-1000844
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
XML External Entity (XXE) vulnerability in bw-calendar-engine
Critical
CVE-2018-1000836
was published
for
org.bedework.caleng:bw-calendar-engine
(Maven)
Dec 20, 2018
exist-db:exist-core XML External Entity (XXE) vulnerability
Critical
CVE-2018-1000823
was published
for
org.exist-db:exist-core
(Maven)
Dec 20, 2018
XML External Entity (XXE) vulnerability in codelibs fess
Critical
CVE-2018-1000822
was published
for
org.codelibs.fess:fess
(Maven)
Dec 20, 2018
XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
Critical
CVE-2018-1000820
was published
for
org.neo4j.procedure:apoc
(Maven)
Dec 20, 2018
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
High
CVE-2018-20000
was published
for
org.bedework:bw-webdav
(Maven)
Dec 19, 2018
Improper Restriction of XML External Entity Reference in pippo-core
Critical
CVE-2018-20059
was published
for
ro.pippo:pippo-core
(Maven)
Dec 19, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Eclipse RDF4j vulnerable to XML External Entitiy
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
Android SVG vulnerable to XML External Entity (XXE)
High
CVE-2017-1000498
was published
for
com.caverock:androidsvg
(Maven)
Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE)
High
CVE-2018-1307
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
High
CVE-2016-4216
was published
for
com.adobe.xmp:xmpcore
(Maven)
Oct 19, 2018
ProTip!
Advisories are also available from the
GraphQL API