Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,028 advisories

Loading
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
jackson-dataformat-xml vulnerable to XML external entity (XXE) Critical
CVE-2016-3720 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)) Moderate
CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) Jan 31, 2020
JLLeitschuh
Improper Restriction of XML External Entity Reference in Apache Olingo Moderate
CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
High severity vulnerability that affects org.apache.tika:tika-core High
CVE-2018-11761 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Low severity vulnerability that affects org.springframework.batch:spring-batch-core Low
CVE-2019-3774 was published for org.springframework.batch:spring-batch-core (Maven) Jan 25, 2019
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-0765 was published for System.Security.Cryptography.Xml (NuGet) Oct 16, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Critical
CVE-2018-15531 was published for net.bull.javamelody:javamelody-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.ignite:ignite-core Moderate
CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle Moderate
CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) Mar 14, 2019
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High
CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore High
CVE-2016-4216 was published for com.adobe.xmp:xmpcore (Maven) Oct 19, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
XML External Entity (XXE) vulnerability in Square Retrofit Critical
CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Apache juddi-client vulnerable to XML External Entity (XXE) High
CVE-2018-1307 was published for org.apache.juddi:juddi-client (Maven) Oct 19, 2018
Eclipse RDF4j vulnerable to XML External Entitiy Critical
CVE-2018-1000644 was published for org.eclipse.rdf4j:rdf4j-runtime (Maven) Oct 19, 2018
XML External Entity Reference in mchange:c3p0 Critical
CVE-2018-20433 was published for com.mchange:c3p0 (Maven) Jan 7, 2019
XML External Entity (XXE) vulnerability in bw-calendar-engine Critical
CVE-2018-1000836 was published for org.bedework.caleng:bw-calendar-engine (Maven) Dec 20, 2018
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
exist-db:exist-core XML External Entity (XXE) vulnerability Critical
CVE-2018-1000823 was published for org.exist-db:exist-core (Maven) Dec 20, 2018
ProTip! Advisories are also available from the GraphQL API