Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

447 advisories

Loading
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly... High Unreviewed
CVE-2020-14478 was published Feb 25, 2022
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra High
CVE-2022-25209 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Magnolia CMS High
CVE-2021-46365 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R)... High Unreviewed
CVE-2022-21205 was published Feb 11, 2022
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before... High Unreviewed
CVE-2022-21220 was published Feb 11, 2022
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity... High Unreviewed
CVE-2020-4876 was published Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity... High Unreviewed
CVE-2020-4875 was published Jan 22, 2022
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG"... High Unreviewed
CVE-2021-42560 was published Jan 13, 2022
Improper Restriction of XML External Entity Reference in com.h2database:h2. High
CVE-2021-23463 was published for com.h2database:h2 (Maven) Dec 16, 2021
mprins
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. High Unreviewed
CVE-2021-42776 was published Dec 2, 2021
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby High
CVE-2021-41098 was published for nokogiri (RubyGems) Sep 27, 2021
XML External Entity Reference in Apache Jena High
CVE-2021-39239 was published for org.apache.jena:jena-core (Maven) Sep 20, 2021
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
XXE vulnerability in Launch import High
CVE-2020-12642 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XXE vulnerability on Launch import with externally-defined DTD file High
CVE-2021-29620 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
REXML round-trip instability High
CVE-2021-28965 was published for rexml (RubyGems) Apr 30, 2021
Improper Restriction of XML External Entity Reference in pikepdf High
CVE-2021-29421 was published for pikepdf (pip) Apr 20, 2021
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28736 was published for Plone (pip) Apr 7, 2021
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28734 was published for Plone (pip) Apr 7, 2021
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database