GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
461 advisories
Filter by severity
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.tika:tika-core
High
CVE-2018-11761
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox
High
CVE-2016-2175
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-0765
was published
for
System.Security.Cryptography.Xml
(NuGet)
Oct 16, 2018
Apache Tika does not properly initialize the XML parser or choose handlers
High
CVE-2016-4434
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
High
CVE-2018-11796
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
High
CVE-2016-4216
was published
for
com.adobe.xmp:xmpcore
(Maven)
Oct 19, 2018
Android SVG vulnerable to XML External Entity (XXE)
High
CVE-2017-1000498
was published
for
com.caverock:androidsvg
(Maven)
Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE)
High
CVE-2018-1307
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 19, 2018
XML External Entity Reference
High
GHSA-7qfm-6m33-rgg9
was published
for
com.epam.reportportal:service-api
(Maven)
Aug 13, 2021
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A...
High
Unreviewed
CVE-2023-23595
was published
Jan 15, 2023
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's...
High
Unreviewed
CVE-2021-42194
was published
Mar 22, 2022
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability...
High
Unreviewed
CVE-2021-44477
was published
Mar 26, 2022
XXE vulnerability in Jenkins Flaky Test Handler Plugin
High
CVE-2022-28140
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Mar 30, 2022
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA...
High
Unreviewed
CVE-2021-33208
was published
Apr 1, 2022
XML External Entity Reference in detekt
High
CVE-2022-0272
was published
for
io.gitlab.arturbosch.detekt:detekt-core
(Maven)
Apr 22, 2022
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external...
High
Unreviewed
CVE-2012-1102
was published
Apr 23, 2022
Improper Restriction of XML External Entity Reference in Apache Batik
High
CVE-2017-5662
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in PMD
High
CVE-2019-7722
was published
for
net.sourceforge.pmd:pmd-core
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
High
CVE-2018-1000056
was published
for
org.jenkins-ci.plugins:junit
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache FOP
High
CVE-2017-5661
was published
for
org.apache.xmlgraphics:fop
(Maven)
May 13, 2022
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
High
CVE-2018-1259
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
High
CVE-2022-37189
was published
for
mei2volpiano
(pip)
Sep 8, 2022
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows...
High
Unreviewed
CVE-2017-9233
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API