GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
461 advisories
Filter by severity
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28736
was published
for
Plone
(pip)
Apr 7, 2021
Improper Restriction of XML External Entity Reference in pikepdf
High
CVE-2021-29421
was published
for
pikepdf
(pip)
Apr 20, 2021
XXE vulnerability on Launch import with externally-defined DTD file
High
CVE-2021-29620
was published
for
com.epam.reportportal:service-api
(Maven)
Jun 28, 2021
XXE vulnerability in Launch import
High
CVE-2020-12642
was published
for
com.epam.reportportal:service-api
(Maven)
Jun 28, 2021
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
XML External Entity (XXE) Injection in JDOM
High
CVE-2021-33813
was published
for
org.jdom:jdom
(Maven)
Jul 27, 2021
XML External Entity Reference
High
GHSA-7qfm-6m33-rgg9
was published
for
com.epam.reportportal:service-api
(Maven)
Aug 13, 2021
XML External Entity Injection in PyWPS
High
CVE-2021-39371
was published
for
pywps
(pip)
Sep 2, 2021
XML External Entity Reference in Apache Jena
High
CVE-2021-39239
was published
for
org.apache.jena:jena-core
(Maven)
Sep 20, 2021
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
High
CVE-2021-41098
was published
for
nokogiri
(RubyGems)
Sep 27, 2021
XML External Entity vulnerability in Easy-XML
High
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.
High
Unreviewed
CVE-2021-42776
was published
Dec 2, 2021
Improper Restriction of XML External Entity Reference in com.h2database:h2.
High
CVE-2021-23463
was published
for
com.h2database:h2
(Maven)
Dec 16, 2021
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG"...
High
Unreviewed
CVE-2021-42560
was published
Jan 13, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2020-4875
was published
Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2020-4876
was published
Jan 22, 2022
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before...
High
Unreviewed
CVE-2022-21220
was published
Feb 11, 2022
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R)...
High
Unreviewed
CVE-2022-21205
was published
Feb 11, 2022
Improper Restriction of XML External Entity Reference in Magnolia CMS
High
CVE-2021-46365
was published
for
info.magnolia:magnolia-core
(Maven)
Feb 12, 2022
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
High
CVE-2022-25209
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly...
High
Unreviewed
CVE-2020-14478
was published
Feb 25, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High
CVE-2022-27201
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Mar 16, 2022
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin
High
CVE-2021-21656
was published
for
org.jenkins-ci.plugins:xcode-plugin
(Maven)
Mar 18, 2022
ProTip!
Advisories are also available from the
GraphQL API