GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate
CVE-2019-17554
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate
CVE-2016-6805
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate
CVE-2019-9658
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Mar 14, 2019
Improper Restriction of XML External Entity Reference in wutka jox
Moderate
CVE-2021-43142
was published
for
com.wutka:jox
(Maven)
Apr 1, 2022
Improper Restriction of XML External Entity Reference in Castor
Moderate
CVE-2014-3004
was published
for
org.codehaus.castor:castor
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Elasticsearch
Moderate
CVE-2018-17247
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj
Moderate
CVE-2017-15691
was published
for
org.apache.uima:uimafit-core
(Maven)
May 14, 2022
XML External Entity Reference in RESTEasy
Moderate
CVE-2014-7839
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 17, 2022
XML External Entity Reference in Eclipse Lyo
Moderate
CVE-2021-41042
was published
for
org.eclipse.lyo:lyo-parent
(Maven)
Jul 8, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2019-12415
was published
for
org.apache.poi:poi
(Maven)
May 24, 2022
Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
Moderate
CVE-2022-24898
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 28, 2022
XML External Entity Reference in Apache NiFi
Moderate
CVE-2017-12623
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate
CVE-2022-45397
was published
for
org.jenkins-ci:update-center2
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate
CVE-2022-45396
was published
for
com.thalesgroup.hudson.plugins:sourcemonitor
(Maven)
Nov 16, 2022
Apache NiFi information disclosure by XXE
Moderate
CVE-2019-10080
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Improper Restriction of XML External Entity Reference in Apache NiFi
Moderate
CVE-2020-13940
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
XML External Entity Reference in org.opencms:opencms-core
Moderate
CVE-2021-3312
was published
for
org.opencms:opencms-core
(Maven)
Oct 12, 2021
XML External Entity Reference in jbpmmigration
Moderate
CVE-2017-7545
was published
for
org.jbpm.jbpm5:jbpmmigration
(Maven)
May 13, 2022
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2014-3599
was published
for
org.hornetq.rest:hornetq-rest
(Maven)
May 24, 2022
XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Moderate
CVE-2022-0198
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Jan 14, 2022
Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate
CVE-2022-0219
was published
for
io.github.skylot:jadx-core
(Maven)
Jan 21, 2022
XML External Entity (XXE) vulnerability in apoc.import.graphml
Moderate
GHSA-9vx8-f5c4-862x
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 24, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml
Moderate
CVE-2023-23926
was published
for
org.neo4j.procedure:apoc-core
(Maven)
Feb 16, 2023
ProTip!
Advisories are also available from the
GraphQL API