Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
Improper Restriction of XML External Entity Reference in Stanford CoreNLP Critical
CVE-2021-3878 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for rg.mule.modules:mule-apikit-module (Maven) May 24, 2022
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
CodeIgniter Rest Server XXE Vulnerability Critical
CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer) May 24, 2022
PySAML2 XML external entity attack Critical
CVE-2016-10127 was published for pysaml2 (pip) May 17, 2022
jhutchings1
Apache OpenMeetings does not correctly validate uploaded XML documents Critical
CVE-2017-7664 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
XML External Entity Reference in Apache Sling Critical
CVE-2016-6798 was published for org.apache.sling:org.apache.sling.xss (Maven) May 17, 2022
wtwhite
Improper Restriction of XML External Entity Reference in Jelly Critical
CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP Critical
CVE-2017-12620 was published for org.apache.opennlp:opennlp-tools (Maven) May 17, 2022
mxGraph vulnerable to XXE attacks Critical
CVE-2017-18197 was published for mxgraph (npm) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi Critical
CVE-2018-1309 was published for org.apache.nifi:nifi-standard-processors (Maven) May 14, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference Critical
CVE-2018-14065 was published for phpoffice/common (Composer) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
SimpleXML vulnerable to XML External Entity (XXE) Critical
CVE-2017-1000190 was published for org.simpleframework:simple-xml (Maven) May 14, 2022
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
Improper Restriction of XML External Entity Reference in Apace Derby Critical
CVE-2015-1832 was published for org.apache.derby:derby (Maven) May 13, 2022
External Entity Reference in TwelveMonkeys ImageIO Critical
CVE-2021-23792 was published for com.twelvemonkeys.imageio:imageio-metadata (Maven) May 7, 2022
XML External Entity Reference in apache jena Critical
CVE-2022-28890 was published for org.apache.jena:jena (Maven) May 6, 2022
thomasredlin
Improper Restriction of XML External Entity Reference in soa-model Critical
CVE-2021-43090 was published for com.predic8:soa-model-core (Maven) Mar 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database