Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Remote code execution occurs in Apache Solr Critical
CVE-2017-12629 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
Improper Restriction of XML External Entity Reference in pippo-core Critical
CVE-2018-20059 was published for ro.pippo:pippo-core (Maven) Dec 19, 2018
MarkLee131
java-xmlbuilder vulnerable to XML External Entity Reference Critical
CVE-2014-125087 was published for com.jamesmurty.utils:java-xmlbuilder (Maven) Feb 19, 2023
aXMLRPC XML External Entity vulnerability Critical
CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven) Jan 5, 2023
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
Apache is vulnerable to XXE in XSD validation processor Critical
CVE-2018-8027 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
bonita-connector-webservice XML External Entity vulnerability Critical
CVE-2020-36640 was published for org.bonitasoft.connectors:bonita-connector-webservice (Maven) Jan 5, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2016-15011 was published for be.e_contract.dssp:dssp-client (Maven) Jan 6, 2023
iText RUPS XML External Entity vulnerability Critical
CVE-2017-20151 was published for com.itextpdf:itext-rups (Maven) Dec 30, 2022
XML External Entity Reference in apache jena Critical
CVE-2022-28890 was published for org.apache.jena:jena (Maven) May 6, 2022
thomasredlin
XML External Entity Reference in Apache Sling Critical
CVE-2016-6798 was published for org.apache.sling:org.apache.sling.xss (Maven) May 17, 2022
wtwhite
Improper Restriction of XML External Entity Reference in Apache NiFi Critical
CVE-2018-1309 was published for org.apache.nifi:nifi-standard-processors (Maven) May 14, 2022
XML External Entity Reference in Apache Karaf Critical
CVE-2018-11788 was published for org.apache.karaf.specs:org.apache.karaf.specs.java.xml (Maven) Jan 7, 2019
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer Critical
CVE-2022-23640 was published for com.monitorjbl:xlsx-streamer (Maven) Mar 2, 2022
pjfanning
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database