GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
224 advisories
Filter by severity
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate
CVE-2013-6407
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
XML External Entity Reference in RESTEasy
Moderate
CVE-2014-7839
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 17, 2022
Apache OpenMeetings does not correctly validate uploaded XML documents
Critical
CVE-2017-7664
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 17, 2022
XML External Entity Reference in Apache Sling
Critical
CVE-2016-6798
was published
for
org.apache.sling:org.apache.sling.xss
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Jelly
Critical
CVE-2017-12621
was published
for
commons-jelly:commons-jelly
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP
Critical
CVE-2017-12620
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 17, 2022
XML External Entity Reference in Apache NiFi
Moderate
CVE-2017-12623
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
XML External Entity Reference in org.picketlink:picketlink-common
High
CVE-2014-3530
was published
for
org.picketlink:picketlink-common
(Maven)
May 14, 2022
XXE vulnerability in Jenkins DRY Plugin
High
CVE-2018-1000010
was published
for
org.jvnet.hudson.plugins:dry
(Maven)
May 14, 2022
XXE vulnerability in Jenkins Checkstyle Plugin
High
CVE-2018-1000009
was published
for
org.jvnet.hudson.plugins:checkstyle
(Maven)
May 14, 2022
XXE vulnerability in Jenkins PMD Plugin
High
CVE-2018-1000008
was published
for
org.jvnet.hudson.plugins:pmd
(Maven)
May 14, 2022
XML External Entity Reference in Jenkins FindBugs Plugin
High
CVE-2018-1000011
was published
for
org.jvnet.hudson.plugins.findbugs:library
(Maven)
May 14, 2022
XXE vulnerability Jenkins Warnings Plugin
High
CVE-2018-1000012
was published
for
org.jvnet.hudson.plugins:warnings
(Maven)
May 14, 2022
XXE vulnerability in Jenkins Android Lint Plugin
High
CVE-2018-1000055
was published
for
org.jvnet.hudson.plugins:android-lint
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
High
CVE-2018-1000056
was published
for
org.jenkins-ci.plugins:junit
(Maven)
May 14, 2022
Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2018-1000054
was published
for
org.jvnet.hudson.plugins:ccm
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi
Critical
CVE-2018-1309
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
May 14, 2022
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
Moderate
CVE-2018-1000198
was published
for
com.blackducksoftware.integration:blackduck-hub
(Maven)
May 14, 2022
WeChat Pay Java SDK allows XXE
High
CVE-2018-13439
was published
for
com.github.wxpay:wxpay-sdk
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2015-3208
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
XML External Entity Reference in Apache Cayenne
High
CVE-2018-11758
was published
for
org.apache.cayenne:cayenne-parent
(Maven)
May 14, 2022
Apache XML-RPC XXE Vulnerability
High
CVE-2016-5002
was published
for
org.apache.xmlrpc:xmlrpc
(Maven)
May 14, 2022
XML External Entity Reference in weixin-java-tools
Critical
CVE-2019-5312
was published
for
com.github.binarywang:weixin-java-common
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in PMD
High
CVE-2019-7722
was published
for
net.sourceforge.pmd:pmd-core
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API