GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
External Entity Reference in TwelveMonkeys ImageIO
Critical
CVE-2021-23792
was published
for
com.twelvemonkeys.imageio:imageio-metadata
(Maven)
May 7, 2022
XML External Entity Reference in apache jena
Critical
CVE-2022-28890
was published
for
org.apache.jena:jena
(Maven)
May 6, 2022
Multiple components in Apache NiFi do not restrict XML External Entity references
High
CVE-2022-29265
was published
for
org.apache.nifi:nifi
(Maven)
May 1, 2022
Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
Moderate
CVE-2022-24898
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 28, 2022
XML External Entity Reference in detekt
High
CVE-2022-0272
was published
for
io.gitlab.arturbosch.detekt:detekt-core
(Maven)
Apr 22, 2022
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
Improper Restriction of XML External Entity Reference in wutka jox
Moderate
CVE-2021-43142
was published
for
com.wutka:jox
(Maven)
Apr 1, 2022
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
High
CVE-2022-28155
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
XXE vulnerability in Jenkins Flaky Test Handler Plugin
High
CVE-2022-28140
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Mar 30, 2022
enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
High
CVE-2022-28154
was published
for
org.jenkins-ci.plugins:covcomplplot
(Maven)
Mar 30, 2022
Improper Restriction of XML External Entity Reference in soa-model
Critical
CVE-2021-43090
was published
for
com.predic8:soa-model-core
(Maven)
Mar 26, 2022
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin
High
CVE-2021-21656
was published
for
org.jenkins-ci.plugins:xcode-plugin
(Maven)
Mar 18, 2022
XML external entity (XXE) injection in Apache Nutch
Critical
CVE-2021-23901
was published
for
org.apache.nutch:nutch
(Maven)
Mar 18, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter
Moderate
CVE-2022-27193
was published
for
cvrf2csaf
(pip)
Mar 16, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High
CVE-2022-27201
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Mar 16, 2022
Improper Restriction of XML External Entity Reference in trytond and proteus
Moderate
CVE-2022-26661
was published
for
proteus
(pip)
Mar 11, 2022
Improper Restriction of XML External Entity Reference in Any23
Critical
CVE-2022-25312
was published
for
org.apache.any23:apache-any23
(Maven)
Mar 6, 2022
Improper Restriction of XML External Entity Reference in Liquibase
Critical
CVE-2022-0839
was published
for
org.liquibase:liquibase-core
(Maven)
Mar 5, 2022
XML External Entity Reference in Hazelcast
Critical
CVE-2022-0265
was published
for
com.hazelcast:hazelcast
(Maven)
Mar 4, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
High
CVE-2022-25209
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Improper Restriction of XML External Entity Reference in Magnolia CMS
High
CVE-2021-46365
was published
for
info.magnolia:magnolia-core
(Maven)
Feb 12, 2022
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2022-0239
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Jan 21, 2022
Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate
CVE-2022-0219
was published
for
io.github.skylot:jadx-core
(Maven)
Jan 21, 2022
ProTip!
Advisories are also available from the
GraphQL API