Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Loading
Improper Restriction of XML External Entity Reference in Jelly Critical
CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) May 17, 2022
Umbraco CMS XXE Vulnerability Moderate
CVE-2017-15280 was published for UmbracoCms.Web (NuGet) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP Critical
CVE-2017-12620 was published for org.apache.opennlp:opennlp-tools (Maven) May 17, 2022
XML External Entity Reference in Apache NiFi Moderate
CVE-2017-12623 was published for org.apache.nifi:nifi (Maven) May 17, 2022
XML External Entity Reference in org.picketlink:picketlink-common High
CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) May 14, 2022
XXE Vulnerability in XMLBundle 0.1.7 High
CVE-2017-1000477 was published for desperado/xml-bundle (Composer) May 14, 2022
XXE vulnerability in Jenkins DRY Plugin High
CVE-2018-1000010 was published for org.jvnet.hudson.plugins:dry (Maven) May 14, 2022
XXE vulnerability in Jenkins Checkstyle Plugin High
CVE-2018-1000009 was published for org.jvnet.hudson.plugins:checkstyle (Maven) May 14, 2022
XXE vulnerability in Jenkins PMD Plugin High
CVE-2018-1000008 was published for org.jvnet.hudson.plugins:pmd (Maven) May 14, 2022
XML External Entity Reference in Jenkins FindBugs Plugin High
CVE-2018-1000011 was published for org.jvnet.hudson.plugins.findbugs:library (Maven) May 14, 2022
XXE vulnerability Jenkins Warnings Plugin High
CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven) May 14, 2022
XXE vulnerability in Jenkins Android Lint Plugin High
CVE-2018-1000055 was published for org.jvnet.hudson.plugins:android-lint (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin High
CVE-2018-1000056 was published for org.jenkins-ci.plugins:junit (Maven) May 14, 2022
mxGraph vulnerable to XXE attacks Critical
CVE-2017-18197 was published for mxgraph (npm) May 14, 2022
Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2018-1000054 was published for org.jvnet.hudson.plugins:ccm (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi Critical
CVE-2018-1309 was published for org.apache.nifi:nifi-standard-processors (Maven) May 14, 2022
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
WeChat Pay Java SDK allows XXE High
CVE-2018-13439 was published for com.github.wxpay:wxpay-sdk (Maven) May 14, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference Critical
CVE-2018-14065 was published for phpoffice/common (Composer) May 14, 2022
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022 withdrawn
dsten56
XML External Entity Reference in Apache Cayenne High
CVE-2018-11758 was published for org.apache.cayenne:cayenne-parent (Maven) May 14, 2022
Apache XML-RPC XXE Vulnerability High
CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Improper Restriction of XML External Entity Reference in PMD High
CVE-2019-7722 was published for net.sourceforge.pmd:pmd-core (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database