GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Critical
CVE-2023-49733
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
java-xmlbuilder vulnerable to XML External Entity Reference
Critical
CVE-2014-125087
was published
for
com.jamesmurty.utils:java-xmlbuilder
(Maven)
Feb 19, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Critical
CVE-2023-24430
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Jan 26, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Critical
CVE-2023-24429
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Jan 26, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2016-15011
was published
for
be.e_contract.dssp:dssp-client
(Maven)
Jan 6, 2023
bonita-connector-webservice XML External Entity vulnerability
Critical
CVE-2020-36640
was published
for
org.bonitasoft.connectors:bonita-connector-webservice
(Maven)
Jan 5, 2023
aXMLRPC XML External Entity vulnerability
Critical
CVE-2020-36641
was published
for
fr.turri:aXMLRPC
(Maven)
Jan 5, 2023
iText RUPS XML External Entity vulnerability
Critical
CVE-2017-20151
was published
for
com.itextpdf:itext-rups
(Maven)
Dec 30, 2022
XML External Entity Reference in Jenkins CCCC Plugin
Critical
CVE-2022-45395
was published
for
com.thalesgroup.jenkins-ci.plugins:cccc
(Maven)
Nov 16, 2022
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
Critical
CVE-2022-39135
was published
for
org.apache.calcite:calcite-core
(Maven)
Sep 12, 2022
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2
Critical
CVE-2015-8031
was published
for
org.jvnet.hudson.main:hudson-core
(Maven)
Jul 15, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
XML External Entity Reference in drools
Critical
CVE-2021-41411
was published
for
org.drools:drools-core
(Maven)
Jun 17, 2022
Improper Restriction of XML External Entity Reference in Stanford CoreNLP
Critical
CVE-2021-3878
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin
Critical
CVE-2021-21669
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
May 24, 2022
XML external entity vulnerability in Jenkins Nuget Plugin
Critical
CVE-2021-21658
was published
for
org.jenkins-ci.plugins:nuget
(Maven)
May 24, 2022
Improper Restriction of XML External Entity Reference in Mulesoft APIkit
Critical
CVE-2020-10991
was published
for
rg.mule.modules:mule-apikit-module
(Maven)
May 24, 2022
Apache OpenMeetings does not correctly validate uploaded XML documents
Critical
CVE-2017-7664
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 17, 2022
XML External Entity Reference in Apache Sling
Critical
CVE-2016-6798
was published
for
org.apache.sling:org.apache.sling.xss
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Jelly
Critical
CVE-2017-12621
was published
for
commons-jelly:commons-jelly
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP
Critical
CVE-2017-12620
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi
Critical
CVE-2018-1309
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2015-3208
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API