Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

224 advisories

Loading
Apache Solr UpdateRequestHandler for XML resolves XML External Entities Moderate
CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
XML External Entity Reference in RESTEasy Moderate
CVE-2014-7839 was published for org.jboss.resteasy:resteasy-jaxrs (Maven) May 17, 2022
Apache OpenMeetings does not correctly validate uploaded XML documents Critical
CVE-2017-7664 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
XML External Entity Reference in Apache Sling Critical
CVE-2016-6798 was published for org.apache.sling:org.apache.sling.xss (Maven) May 17, 2022
wtwhite
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Jelly Critical
CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP Critical
CVE-2017-12620 was published for org.apache.opennlp:opennlp-tools (Maven) May 17, 2022
XML External Entity Reference in Apache NiFi Moderate
CVE-2017-12623 was published for org.apache.nifi:nifi (Maven) May 17, 2022
XML External Entity Reference in org.picketlink:picketlink-common High
CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) May 14, 2022
XXE vulnerability in Jenkins DRY Plugin High
CVE-2018-1000010 was published for org.jvnet.hudson.plugins:dry (Maven) May 14, 2022
XXE vulnerability in Jenkins Checkstyle Plugin High
CVE-2018-1000009 was published for org.jvnet.hudson.plugins:checkstyle (Maven) May 14, 2022
XXE vulnerability in Jenkins PMD Plugin High
CVE-2018-1000008 was published for org.jvnet.hudson.plugins:pmd (Maven) May 14, 2022
XML External Entity Reference in Jenkins FindBugs Plugin High
CVE-2018-1000011 was published for org.jvnet.hudson.plugins.findbugs:library (Maven) May 14, 2022
XXE vulnerability Jenkins Warnings Plugin High
CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven) May 14, 2022
XXE vulnerability in Jenkins Android Lint Plugin High
CVE-2018-1000055 was published for org.jvnet.hudson.plugins:android-lint (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin High
CVE-2018-1000056 was published for org.jenkins-ci.plugins:junit (Maven) May 14, 2022
Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2018-1000054 was published for org.jvnet.hudson.plugins:ccm (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi Critical
CVE-2018-1309 was published for org.apache.nifi:nifi-standard-processors (Maven) May 14, 2022
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
WeChat Pay Java SDK allows XXE High
CVE-2018-13439 was published for com.github.wxpay:wxpay-sdk (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
XML External Entity Reference in Apache Cayenne High
CVE-2018-11758 was published for org.apache.cayenne:cayenne-parent (Maven) May 14, 2022
Apache XML-RPC XXE Vulnerability High
CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Improper Restriction of XML External Entity Reference in PMD High
CVE-2019-7722 was published for net.sourceforge.pmd:pmd-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API