GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28734
was published
for
Plone
(pip)
Apr 7, 2021
XML External Entity (XXE) Injection in Jackson Databind
High
CVE-2020-25649
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Feb 18, 2021
XML External Entity attack in log4net
Critical
CVE-2018-1285
was published
for
log4net
(NuGet)
Jan 29, 2021
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability
Moderate
CVE-2020-26247
was published
for
nokogiri
(RubyGems)
Dec 30, 2020
XML External Entity in Dashboard Widget
Low
CVE-2020-26229
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Authenticated XML External Entity Processing
Moderate
GHSA-8xv9-qcr9-ww9j
was published
for
shopware/core
(Composer)
Oct 19, 2020
XXE in Apache Standard Taglibs
High
CVE-2015-0254
was published
for
org.apache.taglibs:taglibs-standard
(Maven)
Sep 14, 2020
XXE attack in Mapfish Print
Critical
CVE-2020-15232
was published
for
org.mapfish.print:print-lib
(Maven)
Jul 7, 2020
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
dom4j allows External Entities by default which might enable XXE attacks
Critical
CVE-2020-10683
was published
for
dom4j:dom4j
(Maven)
Jun 5, 2020
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
High
CVE-2019-10172
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
Feb 4, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate
CVE-2019-17554
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Apache NiFi information disclosure by XXE
Moderate
CVE-2019-10080
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
Vulnerability that affects org.apache.pdfbox:pdfbox
Critical
CVE-2019-0228
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jul 5, 2019
Improper Restriction of XML External Entity Reference in DiffPlug Spotless
High
CVE-2019-9843
was published
for
com.diffplug.spotless:spotless-maven-plugin
(Maven)
Jul 5, 2019
XML External Entity injection in Apache Camel
High
CVE-2019-0188
was published
for
org.apache.camel:camel-core
(Maven)
May 29, 2019
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate
CVE-2019-9658
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Mar 14, 2019
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Low
CVE-2019-3774
was published
for
org.springframework.batch:spring-batch-core
(Maven)
Jan 25, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
Critical
CVE-2019-3773
was published
for
org.springframework.ws:spring-ws
(Maven)
Jan 25, 2019
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Low
CVE-2019-3772
was published
for
org.springframework.integration:spring-integration-ws
(Maven)
Jan 25, 2019
ProTip!
Advisories are also available from the
GraphQL API