GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

108 advisories

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin High
CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) May 24, 2022
secjoker
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
Improper Restriction of XML External Entity Reference in iText High
CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) May 13, 2022
AndrzejBiernacki2010
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
There is a XML external entity expansion (XXE) vulnerability in Apache Solr High
CVE-2018-1308 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
HuTool XML parsing module has blind XXE vulnerability High
CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
XXE vulnerability in Jenkins Android Lint Plugin High
CVE-2018-1000055 was published for org.jvnet.hudson.plugins:android-lint (Maven) May 14, 2022
XXE vulnerability Jenkins Warnings Plugin High
CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven) May 14, 2022
XXE vulnerability in Jenkins DRY Plugin High
CVE-2018-1000010 was published for org.jvnet.hudson.plugins:dry (Maven) May 14, 2022
XXE vulnerability in Jenkins Checkstyle Plugin High
CVE-2018-1000009 was published for org.jvnet.hudson.plugins:checkstyle (Maven) May 14, 2022
XXE vulnerability in Jenkins PMD Plugin High
CVE-2018-1000008 was published for org.jvnet.hudson.plugins:pmd (Maven) May 14, 2022
XML external entity (XXE) vulnerability in Jenkins High
CVE-2015-1809 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Apache XML-RPC XXE Vulnerability High
CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022