GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Pysaml2 does not sanitize XML responses
High
CVE-2016-10149
was published
for
pysaml2
(pip)
Jul 16, 2018
feedparser denial of service vulnerability
High
CVE-2012-2921
was published
for
feedparser
(pip)
Jul 24, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-0765
was published
for
System.Security.Cryptography.Xml
(NuGet)
Oct 16, 2018
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
High
CVE-2017-14949
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
High
CVE-2017-14868
was published
for
org.restlet.jse:org.restlet.ext.jaxrs
(Maven)
Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
High
CVE-2018-11796
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers
High
CVE-2016-4434
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.tika:tika-core
High
CVE-2018-11761
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
High
CVE-2018-1259
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox
High
CVE-2016-2175
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High
CVE-2018-1308
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
High
CVE-2016-4216
was published
for
com.adobe.xmp:xmpcore
(Maven)
Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE)
High
CVE-2018-1307
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 19, 2018
Android SVG vulnerable to XML External Entity (XXE)
High
CVE-2017-1000498
was published
for
com.caverock:androidsvg
(Maven)
Oct 19, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
High
CVE-2018-20000
was published
for
org.bedework:bw-webdav
(Maven)
Dec 19, 2018
XML External Entity injection in Apache Camel
High
CVE-2019-0188
was published
for
org.apache.camel:camel-core
(Maven)
May 29, 2019
Improper Restriction of XML External Entity Reference in DiffPlug Spotless
High
CVE-2019-9843
was published
for
com.diffplug.spotless:spotless-maven-plugin
(Maven)
Jul 5, 2019
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
High
CVE-2019-10172
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
Feb 4, 2020
XXE in Apache Standard Taglibs
High
CVE-2015-0254
was published
for
org.apache.taglibs:taglibs-standard
(Maven)
Sep 14, 2020
XML External Entity (XXE) Injection in Jackson Databind
High
CVE-2020-25649
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Feb 18, 2021
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28734
was published
for
Plone
(pip)
Apr 7, 2021
ProTip!
Advisories are also available from the
GraphQL API