Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,719
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,034 advisories

Loading
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4... Moderate Unreviewed
CVE-2021-44147 was published Nov 23, 2021
XML External Entity vulnerability in Easy-XML High
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
XML External Entity vulnerability in MODX CMS Critical
CVE-2020-25911 was published for modx/revolution (Composer) Nov 1, 2021
XML External Entity Reference in org.opencms:opencms-core Moderate
CVE-2021-3312 was published for org.opencms:opencms-core (Maven) Oct 12, 2021
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby High
CVE-2021-41098 was published for nokogiri (RubyGems) Sep 27, 2021
XML External Entity Reference in Apache Jena High
CVE-2021-39239 was published for org.apache.jena:jena-core (Maven) Sep 20, 2021
XML Injection in Any23 Critical
CVE-2021-38555 was published for org.apache.any23:apache-any23 (Maven) Sep 13, 2021
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
XXE vulnerability in Jenkins Selenium HTML report Plugin Moderate
CVE-2021-21672 was published for org.jenkins-ci.plugins:seleniumhtmlreport (Maven) Jul 2, 2021
NotMyFault
XXE vulnerability in Launch import High
CVE-2020-12642 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XXE vulnerability on Launch import with externally-defined DTD file High
CVE-2021-29620 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
Arbitrary code injection in json-sanitizer Critical
CVE-2021-23899 was published for com.mikesamuel:json-sanitizer (Maven) Jun 16, 2021
Improper Restriction of XML External Entity Reference in MPXJ Critical
CVE-2020-25020 was published for net.sf.mpxj:mpxj (Maven) May 7, 2021
SVGlib Vulnerable to XXE Attacks Critical
CVE-2020-10799 was published for svglib (pip) May 6, 2021
REXML round-trip instability High
CVE-2021-28965 was published for rexml (RubyGems) Apr 30, 2021
Improper Restriction of XML External Entity Reference in pikepdf High
CVE-2021-29421 was published for pikepdf (pip) Apr 20, 2021
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28736 was published for Plone (pip) Apr 7, 2021
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28734 was published for Plone (pip) Apr 7, 2021
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database