GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate
CVE-2024-28168
was published
for
org.apache.xmlgraphics:fop-core
(Maven)
Oct 9, 2024
ClassGraph XML External Entity Reference
Moderate
CVE-2021-47621
was published
for
io.github.classgraph:classgraph
(Maven)
Jun 21, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate
CVE-2022-47894
was published
for
org.apache.zeppelin:sap
(Maven)
Apr 9, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Moderate
CVE-2023-6149
was published
for
com.qualys.plugins:qualys-was
(Maven)
Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
Moderate
CVE-2023-6147
was published
for
com.qualys.plugins:qualys-pc
(Maven)
Jan 9, 2024
WSO2 products vulnerable to XML External Entity attack
Moderate
CVE-2023-6836
was published
for
org.wso2.am:wso2am
(Maven)
Dec 15, 2023
Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Moderate
GHSA-cc4w-3cff-j8fw
was published
for
org.eclipse.platform:eclipse.platform
(Maven)
Nov 9, 2023
•
withdrawn
codehaus-plexus vulnerable to XML injection
Moderate
CVE-2022-4245
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
Sep 25, 2023
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Moderate
CVE-2023-41932
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Sep 6, 2023
DDFFileParser is vulnerable to XXE Attacks
Moderate
CVE-2023-41034
was published
for
org.eclipse.leshan:leshan-core
(Maven)
Aug 31, 2023
Esoteric YamlBeans XML Entity Expansion vulnerability
Moderate
CVE-2023-24620
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Jenkins External Monitor Job Type Plugin XML external entity vulnerability
Moderate
CVE-2023-37942
was published
for
org.jenkins-ci.plugins:external-monitor-job
(Maven)
Jul 12, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml
Moderate
GHSA-9vx8-f5c4-862x
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 24, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml
Moderate
CVE-2023-23926
was published
for
org.neo4j.procedure:apoc-core
(Maven)
Feb 16, 2023
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate
CVE-2022-45397
was published
for
org.jenkins-ci:update-center2
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate
CVE-2022-45396
was published
for
com.thalesgroup.hudson.plugins:sourcemonitor
(Maven)
Nov 16, 2022
XML External Entity Reference in Jenkins Violations Plugin
Moderate
CVE-2022-45386
was published
for
org.jenkins-ci.plugins:violations
(Maven)
Nov 16, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
XML External Entity Reference in Eclipse Lyo
Moderate
CVE-2021-41042
was published
for
org.eclipse.lyo:lyo-parent
(Maven)
Jul 8, 2022
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2014-3599
was published
for
org.hornetq.rest:hornetq-rest
(Maven)
May 24, 2022
XXE vulnerability in Jenkins pom2config Plugin
Moderate
CVE-2021-43576
was published
for
org.jenkins-ci.plugins:pom2config
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Performance Plugin
Moderate
CVE-2021-21701
was published
for
org.jenkins-ci.plugins:performance
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Visualworks Store Plugin
Moderate
CVE-2020-2315
was published
for
org.jenkins-ci.plugins:visualworks-store
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Subversion Plugin
Moderate
CVE-2020-2304
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API