GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
140 advisories
XXE vulnerability in Jenkins Klocwork Analysis Plugin
High | CVE-2020-2247 was published for org.jenkins-ci.plugins:klocwork (Maven) | May 24, 2022

XXE vulnerability in Jenkins Valgrind Plugin
High | CVE-2020-2245 was published for org.jenkins-ci.plugins:valgrind (Maven) | May 24, 2022

OpenStack Nova Live migration fails to update persistent domain XML
High | CVE-2020-17376 was published for nova (pip) | May 24, 2022

XXE vulnerability in Jenkins Parasoft Findings Plugin
High | CVE-2020-2178 was published for com.parasoft:parasoft-findings (Maven) | May 24, 2022

XXE vulnerability in Jenkins Code Coverage API Plugin
High | CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) | May 24, 2022

XXE vulnerability in Jenkins RapidDeploy Plugin
High | CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) | May 24, 2022

XXE vulnerability in Jenkins Cobertura Plugin
High | CVE-2020-2138 was published for org.jenkins-ci.plugins:cobertura (Maven) | May 24, 2022

XXE vulnerability in Rundeck Plugin
High | CVE-2020-2144 was published for org.jenkins-ci.plugins:rundeck (Maven) | May 24, 2022

XXE vulnerability in FitNesse Plugin
High | CVE-2020-2120 was published for org.jenkins-ci.plugins:fitnesse (Maven) | May 24, 2022

XXE vulnerability in NUnit Plugin
High | CVE-2020-2115 was published for org.jenkins-ci.plugins:nunit (Maven) | May 24, 2022

XXE vulnerability in Jenkins WebSphere Deployer Plugin
High | CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) | May 24, 2022

XXE vulnerability in Jenkins Robot Framework Plugin
High | CVE-2020-2092 was published for org.jenkins-ci.plugins:robot (Maven) | May 24, 2022

PyAMF vulnerable to XML external entity (XXE)
High | CVE-2015-8549 was published for pyamf (pip) | May 24, 2022

XML external entity (XXE) vulnerability in Jenkins
High | CVE-2015-1809 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022

Jenkins Maven Release Plug-in Plugin XXE vulnerability
High | CVE-2019-16549 was published for org.jenkins-ci.plugins.m2release:m2release (Maven) | May 24, 2022

Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
High | CVE-2019-10466 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) | May 24, 2022

Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
High | CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) | May 24, 2022

XML External Entity Reference in Jenkins Storable Configs Plugin
High | CVE-2022-30971 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) | May 18, 2022

CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references
High | CVE-2012-4399 was published for cakephp/cakephp (Composer) | May 17, 2022

Zend Framework XXE Vulnerability
High | CVE-2012-3363 was published for zendframework/zendframework1 (Composer) | May 17, 2022

Improper Restriction of XML External Entity Reference in Apache Solr
High | CVE-2012-6612 was published for org.apache.solr:solr-core (Maven) | May 17, 2022

getID3 is vulnerable to XML External Entity (XXE)
High | CVE-2014-2053 was published for james-heinrich/getid3 (Composer) | May 17, 2022

Improper Restriction of XML External Entity Reference in Openpyxl
High | CVE-2017-5992 was published for openpyxl (pip) | May 17, 2022

XML External Entity Reference in org.picketlink:picketlink-common
High | CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) | May 14, 2022

XXE Vulnerability in XMLBundle 0.1.7
High | CVE-2017-1000477 was published for desperado/xml-bundle (Composer) | May 14, 2022