Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
Improper Restriction of XML External Entity Reference in Stanford CoreNLP Critical
CVE-2021-3878 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
XXE vulnerability in Jenkins Nested View Plugin High
CVE-2021-21680 was published for org.jenkins-ci.plugins:nested-view (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
SilverStripe XXE Vulnerability in CSSContentParser Moderate
CVE-2020-25817 was published for silverstripe/framework (Composer) May 24, 2022
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
XXE vulnerability in Jenkins URLTrigger Plugin High
CVE-2021-21659 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Filesystem Trigger Plugin High
CVE-2021-21657 was published for org.jenkins-ci.plugins:fstrigger (Maven) May 24, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin High
CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins CVS Plugin High
CVE-2020-2324 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Visualworks Store Plugin Moderate
CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Mercurial Plugin Moderate
CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
NotMyFault westonsteimel
XXE vulnerability in Jenkins Subversion Plugin Moderate
CVE-2020-2304 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Nerrvana Plugin Moderate
CVE-2020-2298 was published for org.jenkins-ci.plugins:nerrvana-plugin (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Liquibase Runner Plugin High
CVE-2020-2284 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault
DotPlant2 Improper Restriction of XML External Entity Reference High
CVE-2020-25750 was published for devgroup/dotplant (Composer) May 24, 2022
XXE vulnerability in Jenkins Klocwork Analysis Plugin High
CVE-2020-2247 was published for org.jenkins-ci.plugins:klocwork (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Valgrind Plugin High
CVE-2020-2245 was published for org.jenkins-ci.plugins:valgrind (Maven) May 24, 2022
NotMyFault
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
XXE vulnerability in Jenkins Parasoft Findings Plugin High
CVE-2020-2178 was published for com.parasoft:parasoft-findings (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for rg.mule.modules:mule-apikit-module (Maven) May 24, 2022
XXE vulnerability in Jenkins RapidDeploy Plugin High
CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
NotMyFault
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
XXE vulnerability in Jenkins Cobertura Plugin High
CVE-2020-2138 was published for org.jenkins-ci.plugins:cobertura (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Rundeck Plugin High
CVE-2020-2144 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database