GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
XML External Entity Reference in drools
Critical
CVE-2021-41411
was published
for
org.drools:drools-core
(Maven)
Jun 17, 2022
Apache ActiveMQ Apollo XXE Vulnerability
Critical
CVE-2014-3579
was published
for
org.apache.activemq:apollo-project
(Maven)
May 14, 2022
Remote code execution occurs in Apache Solr
Critical
CVE-2017-12629
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
Improper Restriction of XML External Entity Reference in pippo-core
Critical
CVE-2018-20059
was published
for
ro.pippo:pippo-core
(Maven)
Dec 19, 2018
java-xmlbuilder vulnerable to XML External Entity Reference
Critical
CVE-2014-125087
was published
for
com.jamesmurty.utils:java-xmlbuilder
(Maven)
Feb 19, 2023
aXMLRPC XML External Entity vulnerability
Critical
CVE-2020-36641
was published
for
fr.turri:aXMLRPC
(Maven)
Jan 5, 2023
XML External Entity Reference in weixin-java-tools
Critical
CVE-2019-5312
was published
for
com.github.binarywang:weixin-java-common
(Maven)
May 14, 2022
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
Apache is vulnerable to XXE in XSD validation processor
Critical
CVE-2018-8027
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2014-3600
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin
Critical
CVE-2021-21669
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
May 24, 2022
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Critical
CVE-2023-49733
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Critical
CVE-2023-24430
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Jan 26, 2023
XML external entity vulnerability in Jenkins Nuget Plugin
Critical
CVE-2021-21658
was published
for
org.jenkins-ci.plugins:nuget
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Job Import Plugin
Critical
CVE-2019-1003015
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
May 13, 2022
bonita-connector-webservice XML External Entity vulnerability
Critical
CVE-2020-36640
was published
for
org.bonitasoft.connectors:bonita-connector-webservice
(Maven)
Jan 5, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2016-15011
was published
for
be.e_contract.dssp:dssp-client
(Maven)
Jan 6, 2023
iText RUPS XML External Entity vulnerability
Critical
CVE-2017-20151
was published
for
com.itextpdf:itext-rups
(Maven)
Dec 30, 2022
XML External Entity Reference in apache jena
Critical
CVE-2022-28890
was published
for
org.apache.jena:jena
(Maven)
May 6, 2022
XML External Entity Reference in Apache Sling
Critical
CVE-2016-6798
was published
for
org.apache.sling:org.apache.sling.xss
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi
Critical
CVE-2018-1309
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
May 14, 2022
XML External Entity Reference in Apache Karaf
Critical
CVE-2018-11788
was published
for
org.apache.karaf.specs:org.apache.karaf.specs.java.xml
(Maven)
Jan 7, 2019
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
ProTip!
Advisories are also available from the
GraphQL API