Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks High
CVE-2023-28684 was published for com.sap.jenkinsci:remote-jobs-view-plugin (Maven) Apr 2, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference High
CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) Mar 8, 2023
OWSLib vulnerable to XML External Entity (XXE) Injection High
CVE-2023-27476 was published for OWSLib (pip) Mar 7, 2023
jorgectf
dd-plist XML External Entitly vulnerability High
CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven) Feb 20, 2023
XML External Entity Reference in ureport High
CVE-2023-24187 was published for com.bstek.ureport:ureport2-core (Maven) Feb 14, 2023
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi (Maven) Feb 10, 2023
Jenkins Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-46682 was published for org.jenkins-ci.plugins:plot (Maven) Dec 12, 2022
XXE vulnerability in Jenkins JAPEX Plugin High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP High
CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
untangle vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-31471 was published for untangle (pip) Aug 6, 2022
XML External Entity Reference in Jenkins Recipe Plugin High
CVE-2022-34793 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
NotMyFault
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin High
CVE-2019-10327 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
westonsteimel
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin High
CVE-2021-43577 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) May 24, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Stanford CoreNLP High
CVE-2021-3869 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
XXE vulnerability in Jenkins Nested View Plugin High
CVE-2021-21680 was published for org.jenkins-ci.plugins:nested-view (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Filesystem Trigger Plugin High
CVE-2021-21657 was published for org.jenkins-ci.plugins:fstrigger (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins URLTrigger Plugin High
CVE-2021-21659 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 24, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin High
CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins CVS Plugin High
CVE-2020-2324 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Liquibase Runner Plugin High
CVE-2020-2284 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault
DotPlant2 Improper Restriction of XML External Entity Reference High
CVE-2020-25750 was published for devgroup/dotplant (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API