Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

469 advisories

Loading
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur... High Unreviewed
CVE-2020-9352 was published May 24, 2022
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2024-27266 was published Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. High Unreviewed
CVE-2023-50168 was published Mar 14, 2024
Improper Restriction of XML External Entity Reference in iText High
CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) May 13, 2022
AndrzejBiernacki2010
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
There is a XML external entity expansion (XXE) vulnerability in Apache Solr High
CVE-2018-1308 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
HuTool XML parsing module has blind XXE vulnerability High
CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed
CVE-2022-42745 was published Nov 4, 2022
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x,... High Unreviewed
CVE-2024-22024 was published Feb 13, 2024
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated... High Unreviewed
CVE-2024-24743 was published Feb 13, 2024
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2... High Unreviewed
CVE-2009-1699 was published May 2, 2022
XXE vulnerability in Jenkins Android Lint Plugin High
CVE-2018-1000055 was published for org.jvnet.hudson.plugins:android-lint (Maven) May 14, 2022
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-32327 was published Feb 3, 2024
XXE vulnerability Jenkins Warnings Plugin High
CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven) May 14, 2022
XXE vulnerability in Jenkins DRY Plugin High
CVE-2018-1000010 was published for org.jvnet.hudson.plugins:dry (Maven) May 14, 2022
XXE vulnerability in Jenkins Checkstyle Plugin High
CVE-2018-1000009 was published for org.jvnet.hudson.plugins:checkstyle (Maven) May 14, 2022
XXE vulnerability in Jenkins PMD Plugin High
CVE-2018-1000008 was published for org.jvnet.hudson.plugins:pmd (Maven) May 14, 2022
XML external entity (XXE) vulnerability in Jenkins High
CVE-2015-1809 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Apache XML-RPC XXE Vulnerability High
CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse... High Unreviewed
CVE-2020-15352 was published May 24, 2022
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability High
CVE-2023-41933 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database