GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
228 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate
CVE-2016-6805
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Apache is vulnerable to XXE in XSD validation processor
Critical
CVE-2018-8027
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel XML External Entity vulnerability
Moderate
CVE-2015-0263
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
High
CVE-2017-14949
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
High
CVE-2017-14868
was published
for
org.restlet.jse:org.restlet.ext.jaxrs
(Maven)
Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
High
CVE-2018-11796
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers
High
CVE-2016-4434
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.tika:tika-core
High
CVE-2018-11761
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12544
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
High
CVE-2018-1259
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox
High
CVE-2016-2175
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Critical
CVE-2018-15531
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Oct 17, 2018
XML external entity expansion in org.apache.solr:solr-core
Moderate
CVE-2018-8026
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High
CVE-2018-1308
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Moderate
CVE-2018-8010
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
Remote code execution occurs in Apache Solr
Critical
CVE-2017-12629
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Critical
CVE-2016-3720
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
High
CVE-2016-4216
was published
for
com.adobe.xmp:xmpcore
(Maven)
Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE)
High
CVE-2018-1307
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 19, 2018
Android SVG vulnerable to XML External Entity (XXE)
High
CVE-2017-1000498
was published
for
com.caverock:androidsvg
(Maven)
Oct 19, 2018
Eclipse RDF4j vulnerable to XML External Entitiy
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Restriction of XML External Entity Reference in pippo-core
Critical
CVE-2018-20059
was published
for
ro.pippo:pippo-core
(Maven)
Dec 19, 2018
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
High
CVE-2018-20000
was published
for
org.bedework:bw-webdav
(Maven)
Dec 19, 2018
ProTip!
Advisories are also available from the
GraphQL API