GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
168 advisories

XXE Vulnerability in XMLBundle 0.1.7
High | CVE-2017-1000477 was published for desperado/xml-bundle (Composer) | May 14, 2022

XXE vulnerability in Jenkins DRY Plugin
High | CVE-2018-1000010 was published for org.jvnet.hudson.plugins:dry (Maven) | May 14, 2022

XXE vulnerability in Jenkins PMD Plugin
High | CVE-2018-1000008 was published for org.jvnet.hudson.plugins:pmd (Maven) | May 14, 2022

XXE vulnerability in Jenkins Checkstyle Plugin
High | CVE-2018-1000009 was published for org.jvnet.hudson.plugins:checkstyle (Maven) | May 14, 2022

XML External Entity Reference in Jenkins FindBugs Plugin
High | CVE-2018-1000011 was published for org.jvnet.hudson.plugins.findbugs:library (Maven) | May 14, 2022

XXE vulnerability in Jenkins Warnings Plugin
High | CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven) | May 14, 2022

XXE vulnerability in Jenkins Android Lint Plugin
High | CVE-2018-1000055 was published for org.jvnet.hudson.plugins:android-lint (Maven) | May 14, 2022

Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
High | CVE-2018-1000056 was published for org.jenkins-ci.plugins:junit (Maven) | May 14, 2022

Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference
High | CVE-2018-1000054 was published for org.jvnet.hudson.plugins:ccm (Maven) | May 14, 2022

WeChat Pay Java SDK allows XXE
High | CVE-2018-13439 was published for com.github.wxpay:wxpay-sdk (Maven) | May 14, 2022

XML External Entity Reference in Apache Cayenne
High | CVE-2018-11758 was published for org.apache.cayenne:cayenne-parent (Maven) | May 14, 2022

Apache XML-RPC XXE Vulnerability
High | CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) | May 14, 2022

Improper Restriction of XML External Entity Reference in PMD
High | CVE-2019-7722 was published for net.sourceforge.pmd:pmd-core (Maven) | May 14, 2022

Improper Restriction of XML External Entity Reference in Apache Batik
High | CVE-2017-5662 was published for org.apache.xmlgraphics:batik (Maven) | May 13, 2022

Improper Restriction of XML External Entity Reference in iText
High | CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) | May 13, 2022

Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
High | CVE-2016-8739 was published for org.apache.cxf:cxf-core (Maven) | May 13, 2022

Improper Restriction of XML External Entity Reference in Apache FOP
High | CVE-2017-5661 was published for org.apache.xmlgraphics:fop (Maven) | May 13, 2022

Improper Restriction of XML External Entity Reference in python-docx
High | CVE-2016-5851 was published for python-docx (pip) | May 13, 2022

Improper Restriction of XML External Entity Reference in Spring Framework
High | CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) | May 13, 2022

Multiple components in Apache NiFi do not restrict XML External Entity references
High | CVE-2022-29265 was published for org.apache.nifi:nifi (Maven) | May 1, 2022

XML External Entity Reference in detekt
High | CVE-2022-0272 was published for io.gitlab.arturbosch.detekt:detekt-core (Maven) | Apr 22, 2022

Inline DTD allows XML bomb attack
High | CVE-2019-15160 was published for sweet_xml (Erlang) | Apr 12, 2022

XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
High | CVE-2022-28155 was published for com.surenpi.jenkins:phoenix-autotest (Maven) | Mar 30, 2022

XXE vulnerability in Jenkins Flaky Test Handler Plugin
High | CVE-2022-28140 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) | Mar 30, 2022

Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
High | CVE-2022-28154 was published for org.jenkins-ci.plugins:covcomplplot (Maven) | Mar 30, 2022

ProTip! Advisories are also available from the GraphQL API.