GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
140 advisories
Filter by severity
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
High
CVE-2023-28684
was published
for
com.sap.jenkinsci:remote-jobs-view-plugin
(Maven)
Apr 2, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
High
CVE-2023-27480
was published
for
org.xwiki.platform:xwiki-platform-xar-model
(Maven)
Mar 8, 2023
OWSLib vulnerable to XML External Entity (XXE) Injection
High
CVE-2023-27476
was published
for
OWSLib
(pip)
Mar 7, 2023
dd-plist XML External Entitly vulnerability
High
CVE-2016-15026
was published
for
com.googlecode.plist:dd-plist
(Maven)
Feb 20, 2023
XML External Entity Reference in ureport
High
CVE-2023-24187
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Feb 14, 2023
XML External Entity Reference in Apache NiFi
High
CVE-2023-22832
was published
for
org.apache.nifi:nifi
(Maven)
Feb 10, 2023
Jenkins Plot Plugin XML External Entity Reference vulnerability
High
CVE-2022-46682
was published
for
org.jenkins-ci.plugins:plot
(Maven)
Dec 12, 2022
XXE vulnerability in Jenkins JAPEX Plugin
High
CVE-2022-45400
was published
for
org.jvnet.hudson.plugins:japex
(Maven)
Nov 16, 2022
XXE vulnerability in Jenkins REPO Plugin
High
CVE-2022-43415
was published
for
org.jenkins-ci.plugins:repo
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43430
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP
High
CVE-2022-40705
was published
for
soap:soap
(Maven)
Sep 23, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2022-41226
was published
for
com.compuware.jenkins:compuware-common-configuration
(Maven)
Sep 22, 2022
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
High
CVE-2022-37189
was published
for
mei2volpiano
(pip)
Sep 8, 2022
untangle vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2022-31471
was published
for
untangle
(pip)
Aug 6, 2022
XML External Entity Reference in Jenkins Recipe Plugin
High
CVE-2022-34793
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
High
CVE-2019-10327
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin
High
CVE-2021-43577
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
May 24, 2022
Improper Restriction of XML External Entity Reference in Stanford CoreNLP
High
CVE-2021-3869
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Nested View Plugin
High
CVE-2021-21680
was published
for
org.jenkins-ci.plugins:nested-view
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Filesystem Trigger Plugin
High
CVE-2021-21657
was published
for
org.jenkins-ci.plugins:fstrigger
(Maven)
May 24, 2022
XXE vulnerability in Jenkins URLTrigger Plugin
High
CVE-2021-21659
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 24, 2022
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
High
CVE-2021-21642
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
XXE vulnerability in Jenkins CVS Plugin
High
CVE-2020-2324
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Liquibase Runner Plugin
High
CVE-2020-2284
was published
for
org.jenkins-ci.plugins:liquibase-runner
(Maven)
May 24, 2022
DotPlant2 Improper Restriction of XML External Entity Reference
High
CVE-2020-25750
was published
for
devgroup/dotplant
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API