Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

111 advisories

Loading
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
Multiple components in Apache NiFi do not restrict XML External Entity references High
CVE-2022-29265 was published for org.apache.nifi:nifi (Maven) May 1, 2022
XML External Entity Reference in detekt High
CVE-2022-0272 was published for io.gitlab.arturbosch.detekt:detekt-core (Maven) Apr 22, 2022
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin High
CVE-2022-28155 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022
NotMyFault
XXE vulnerability in Jenkins Flaky Test Handler Plugin High
CVE-2022-28140 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) Mar 30, 2022
westonsteimel
enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-28154 was published for org.jenkins-ci.plugins:covcomplplot (Maven) Mar 30, 2022
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin High
CVE-2021-21656 was published for org.jenkins-ci.plugins:xcode-plugin (Maven) Mar 18, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra High
CVE-2022-25209 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Magnolia CMS High
CVE-2021-46365 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
Improper Restriction of XML External Entity Reference in com.h2database:h2. High
CVE-2021-23463 was published for com.h2database:h2 (Maven) Dec 16, 2021
mprins
XML External Entity Reference in Apache Jena High
CVE-2021-39239 was published for org.apache.jena:jena-core (Maven) Sep 20, 2021
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
paradoxengine
XXE vulnerability in Launch import High
CVE-2020-12642 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XXE vulnerability on Launch import with externally-defined DTD file High
CVE-2021-29620 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
XXE in Apache Standard Taglibs High
CVE-2015-0254 was published for org.apache.taglibs:taglibs-standard (Maven) Sep 14, 2020
Improper Restriction of XML External Entity Reference in jackson-mapper-asl High
CVE-2019-10172 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) Feb 4, 2020
Improper Restriction of XML External Entity Reference in DiffPlug Spotless High
CVE-2019-9843 was published for com.diffplug.spotless:spotless-maven-plugin (Maven) Jul 5, 2019
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database