Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

249 advisories

Loading
aXMLRPC XML External Entity vulnerability Critical
CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven) Jan 5, 2023
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-26999 was published Jan 9, 2024
XML External Entity (XXE) vulnerability in the file based service provider creation feature of... Critical Unreviewed
CVE-2021-42646 was published May 12, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a... Critical Unreviewed
CVE-2023-52252 was published Dec 30, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
Apache is vulnerable to XXE in XSD validation processor Critical
CVE-2018-8027 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
CodeIgniter Rest Server XXE Vulnerability Critical
CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer) May 24, 2022
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed
CVE-2023-32567 was published Aug 10, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no... Critical Unreviewed
CVE-2022-48565 was published Aug 22, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
weixin-python XML External Entity vulnerability Critical
CVE-2018-25082 was published for weixin-python (pip) Mar 21, 2023
bonita-connector-webservice XML External Entity vulnerability Critical
CVE-2020-36640 was published for org.bonitasoft.connectors:bonita-connector-webservice (Maven) Jan 5, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2016-15011 was published for be.e_contract.dssp:dssp-client (Maven) Jan 6, 2023
iText RUPS XML External Entity vulnerability Critical
CVE-2017-20151 was published for com.itextpdf:itext-rups (Maven) Dec 30, 2022
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2015-10029 was published for kelvinmo/simplexrd (Composer) Jan 7, 2023
mxGraph vulnerable to XXE attacks Critical
CVE-2017-18197 was published for mxgraph (npm) May 14, 2022
XML External Entity Reference in apache jena Critical
CVE-2022-28890 was published for org.apache.jena:jena (Maven) May 6, 2022
thomasredlin
XML External Entity Reference in Apache Sling Critical
CVE-2016-6798 was published for org.apache.sling:org.apache.sling.xss (Maven) May 17, 2022
wtwhite
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database