Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
XML Injection in Any23 Critical
CVE-2021-38555 was published for org.apache.any23:apache-any23 (Maven) Sep 13, 2021
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
XXE vulnerability in Jenkins Selenium HTML report Plugin Moderate
CVE-2021-21672 was published for org.jenkins-ci.plugins:seleniumhtmlreport (Maven) Jul 2, 2021
NotMyFault
XXE vulnerability in Launch import High
CVE-2020-12642 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XXE vulnerability on Launch import with externally-defined DTD file High
CVE-2021-29620 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
Arbitrary code injection in json-sanitizer Critical
CVE-2021-23899 was published for com.mikesamuel:json-sanitizer (Maven) Jun 16, 2021
Improper Restriction of XML External Entity Reference in MPXJ Critical
CVE-2020-25020 was published for net.sf.mpxj:mpxj (Maven) May 7, 2021
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
XXE in Apache Standard Taglibs High
CVE-2015-0254 was published for org.apache.taglibs:taglibs-standard (Maven) Sep 14, 2020
XXE attack in Mapfish Print Critical
CVE-2020-15232 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
dom4j allows External Entities by default which might enable XXE attacks Critical
CVE-2020-10683 was published for dom4j:dom4j (Maven) Jun 5, 2020
Improper Restriction of XML External Entity Reference in jackson-mapper-asl High
CVE-2019-10172 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) Feb 4, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo Moderate
CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)) Moderate
CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) Jan 31, 2020
JLLeitschuh
Apache NiFi information disclosure by XXE Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Vulnerability that affects org.apache.pdfbox:pdfbox Critical
CVE-2019-0228 was published for org.apache.pdfbox:pdfbox (Maven) Jul 5, 2019
jacobovazquez
Improper Restriction of XML External Entity Reference in DiffPlug Spotless High
CVE-2019-9843 was published for com.diffplug.spotless:spotless-maven-plugin (Maven) Jul 5, 2019
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle Moderate
CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) Mar 14, 2019
Low severity vulnerability that affects org.springframework.batch:spring-batch-core Low
CVE-2019-3774 was published for org.springframework.batch:spring-batch-core (Maven) Jan 25, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml Critical
CVE-2019-3773 was published for org.springframework.ws:spring-ws (Maven) Jan 25, 2019
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml Low
CVE-2019-3772 was published for org.springframework.integration:spring-integration-ws (Maven) Jan 25, 2019
MarkLee131
XML External Entity Reference in Apache Karaf Critical
CVE-2018-11788 was published for org.apache.karaf.specs:org.apache.karaf.specs.java.xml (Maven) Jan 7, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database