Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

82 advisories

Loading
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj Moderate
CVE-2017-15691 was published for org.apache.uima:uimafit-core (Maven) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2682 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2681 was published for zendframework/zendframework1 (Composer) May 14, 2022
XML External Entity Reference in jbpmmigration Moderate
CVE-2017-7545 was published for org.jbpm.jbpm5:jbpmmigration (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in Elasticsearch Moderate
CVE-2018-17247 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability Moderate
CVE-2016-5000 was published for org.apache.poi:poi-examples (Maven) May 13, 2022
Moodle Arbitrary File Read via XML External Entity vulnerability Moderate
CVE-2014-3543 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Castor Moderate
CVE-2014-3004 was published for org.codehaus.castor:castor (Maven) May 13, 2022
Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml Moderate
CVE-2022-24898 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 28, 2022
Improper Restriction of XML External Entity Reference in wutka jox Moderate
CVE-2021-43142 was published for com.wutka:jox (Maven) Apr 1, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
Improper Restriction of XML External Entity Reference in trytond and proteus Moderate
CVE-2022-26661 was published for proteus (pip) Mar 11, 2022
Improper Restriction of XML External Entity Reference in skylot/jadx Moderate
CVE-2022-0219 was published for io.github.skylot:jadx-core (Maven) Jan 21, 2022
Haxatron
XML External Entity Reference in edu.stanford.nlp:stanford-corenlp Moderate
CVE-2022-0198 was published for edu.stanford.nlp:stanford-corenlp (Maven) Jan 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi Moderate
CVE-2020-13940 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
XML External Entity Reference in org.opencms:opencms-core Moderate
CVE-2021-3312 was published for org.opencms:opencms-core (Maven) Oct 12, 2021
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
XXE vulnerability in Jenkins Selenium HTML report Plugin Moderate
CVE-2021-21672 was published for org.jenkins-ci.plugins:seleniumhtmlreport (Maven) Jul 2, 2021
NotMyFault
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability Moderate
CVE-2020-26247 was published for nokogiri (RubyGems) Dec 30, 2020
eric-therond
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
Improper Restriction of XML External Entity Reference in Apache Olingo Moderate
CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)) Moderate
CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) Jan 31, 2020
JLLeitschuh
Apache NiFi information disclosure by XXE Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database