GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
62 advisories

XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)
Moderate. CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) on Jan 31, 2020

Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate. CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) on Feb 4, 2020

Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate. CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) on Oct 16, 2018

Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate. CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) on Mar 14, 2019

Improper Restriction of XML External Entity Reference in wutka jox
Moderate. CVE-2021-43142 was published for com.wutka:jox (Maven) on Apr 1, 2022

Improper Restriction of XML External Entity Reference in Elasticsearch
Moderate. CVE-2018-17247 was published for org.elasticsearch:elasticsearch (Maven) on May 13, 2022

Improper Restriction of XML External Entity Reference in Apache uimaj
Moderate. CVE-2017-15691 was published for org.apache.uima:uimafit-core (Maven) on May 14, 2022

XML External Entity Reference in RESTEasy
Moderate. CVE-2014-7839 was published for org.jboss.resteasy:resteasy-jaxrs (Maven) on May 17, 2022

XML External Entity Reference in Eclipse Lyo
Moderate. CVE-2021-41042 was published for org.eclipse.lyo:lyo-parent (Maven) on Jul 8, 2022

Improper Restriction of XML External Entity Reference in Apache POI
Moderate. CVE-2019-12415 was published for org.apache.poi:poi (Maven) on May 24, 2022

Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
Moderate. CVE-2022-24898 was published for org.xwiki.commons:xwiki-commons-xml (Maven) on Apr 28, 2022

XML External Entity Reference in Apache NiFi
Moderate. CVE-2017-12623 was published for org.apache.nifi:nifi (Maven) on May 17, 2022

Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate. CVE-2022-41241 was published for net.praqma:rqm-plugin (Maven) on Sep 22, 2022

Apache NiFi information disclosure by XXE
Moderate. CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) on Dec 2, 2019

Improper Restriction of XML External Entity Reference in Apache NiFi
Moderate. CVE-2020-13940 was published for org.apache.nifi:nifi (Maven) on Jan 6, 2022

XML External Entity Reference in org.opencms:opencms-core
Moderate. CVE-2021-3312 was published for org.opencms:opencms-core (Maven) on Oct 12, 2021

XML External Entity Reference in jbpmmigration
Moderate. CVE-2017-7545 was published for org.jbpm.jbpm5:jbpmmigration (Maven) on May 13, 2022

HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate. CVE-2014-3599 was published for org.hornetq.rest:hornetq-rest (Maven) on May 24, 2022

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Moderate. CVE-2022-0198 was published for edu.stanford.nlp:stanford-corenlp (Maven) on Jan 14, 2022

Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate. CVE-2022-0219 was published for io.github.skylot:jadx-core (Maven) on Jan 21, 2022

XML External Entity (XXE) vulnerability in apoc.import.graphml
Moderate. GHSA-9vx8-f5c4-862x was published for org.neo4j.procedure:apoc (Maven) on Feb 24, 2023

XML External Entity (XXE) vulnerability in apoc.import.graphml
Moderate. CVE-2023-23926 was published for org.neo4j.procedure:apoc-core (Maven) on Feb 16, 2023

Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
Moderate. CVE-2016-5000 was published for org.apache.poi:poi-examples (Maven) on May 13, 2022

Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response
Moderate. CVE-2019-10309 was published for org.jenkins-ci.plugins:swarm (Maven) on May 24, 2022

XXE vulnerability in Jenkins Nerrvana Plugin
Moderate. CVE-2020-2298 was published for org.jenkins-ci.plugins:nerrvana-plugin (Maven) on May 24, 2022

ProTip! Advisories are also available from the GraphQL API.