GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
224 advisories
Filter by severity
Apache ActiveMQ Apollo XXE Vulnerability
Critical
CVE-2014-3579
was published
for
org.apache.activemq:apollo-project
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2014-3600
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj
Moderate
CVE-2017-15691
was published
for
org.apache.uima:uimafit-core
(Maven)
May 14, 2022
SimpleXML vulnerable to XML External Entity (XXE)
Critical
CVE-2017-1000190
was published
for
org.simpleframework:simple-xml
(Maven)
May 14, 2022
XML External Entity Reference in jbpmmigration
Moderate
CVE-2017-7545
was published
for
org.jbpm.jbpm5:jbpmmigration
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Elasticsearch
Moderate
CVE-2018-17247
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
XXE vulnerability in Jenkins Job Import Plugin
Critical
CVE-2019-1003015
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apace Derby
Critical
CVE-2015-1832
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
Moderate
CVE-2016-5000
was published
for
org.apache.poi:poi-examples
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in iText
High
CVE-2017-9096
was published
for
com.itextpdf:itextpdf
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache Batik
High
CVE-2017-5662
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
High
CVE-2016-8739
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache FOP
High
CVE-2017-5661
was published
for
org.apache.xmlgraphics:fop
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Castor
Moderate
CVE-2014-3004
was published
for
org.codehaus.castor:castor
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Spring Framework
High
CVE-2014-0225
was published
for
org.springframework:spring-webmvc
(Maven)
May 13, 2022
External Entity Reference in TwelveMonkeys ImageIO
Critical
CVE-2021-23792
was published
for
com.twelvemonkeys.imageio:imageio-metadata
(Maven)
May 7, 2022
XML External Entity Reference in apache jena
Critical
CVE-2022-28890
was published
for
org.apache.jena:jena
(Maven)
May 6, 2022
Multiple components in Apache NiFi do not restrict XML External Entity references
High
CVE-2022-29265
was published
for
org.apache.nifi:nifi
(Maven)
May 1, 2022
Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
Moderate
CVE-2022-24898
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 28, 2022
XML External Entity Reference in detekt
High
CVE-2022-0272
was published
for
io.gitlab.arturbosch.detekt:detekt-core
(Maven)
Apr 22, 2022
Improper Restriction of XML External Entity Reference in wutka jox
Moderate
CVE-2021-43142
was published
for
com.wutka:jox
(Maven)
Apr 1, 2022
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
High
CVE-2022-28155
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
XXE vulnerability in Jenkins Flaky Test Handler Plugin
High
CVE-2022-28140
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Mar 30, 2022
enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
High
CVE-2022-28154
was published
for
org.jenkins-ci.plugins:covcomplplot
(Maven)
Mar 30, 2022
Improper Restriction of XML External Entity Reference in soa-model
Critical
CVE-2021-43090
was published
for
com.predic8:soa-model-core
(Maven)
Mar 26, 2022
ProTip!
Advisories are also available from the
GraphQL API