GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
311 advisories
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate | CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) | Oct 16, 2018
Apache Camel XML External Entity vulnerability
Moderate | CVE-2015-0263 was published for org.apache.camel:camel-core (Maven) | Oct 16, 2018
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate | CVE-2018-12544 was published for io.vertx:vertx-core (Maven) | Oct 17, 2018
XML external entity expansion in org.apache.solr:solr-core
Moderate | CVE-2018-8026 was published for org.apache.solr:solr-core (Maven) | Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Moderate | CVE-2018-8010 was published for org.apache.solr:solr-core (Maven) | Oct 17, 2018
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate | CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) | Mar 14, 2019
Information disclosure through processing of external XML entities
Moderate | CVE-2019-8126 was published for magento/community-edition (Composer) | Nov 12, 2019
Apache NiFi information disclosure by XXE
Moderate | CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) | Dec 2, 2019
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate | CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) | Jan 31, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate | CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) | Feb 4, 2020
Authenticated XML External Entity Processing
Moderate | GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) | Oct 19, 2020
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability
Moderate | CVE-2020-26247 was published for nokogiri (RubyGems) | Dec 30, 2020
XXE vulnerability in Jenkins Selenium HTML report Plugin
Moderate | CVE-2021-21672 was published for org.jenkins-ci.plugins:seleniumhtmlreport (Maven) | Jul 2, 2021
XML External Entity Reference in Glances
Moderate | CVE-2021-23418 was published for Glances (pip) | Aug 9, 2021
XML External Entity Reference in org.opencms:opencms-core
Moderate | CVE-2021-3312 was published for org.opencms:opencms-core (Maven) | Oct 12, 2021
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4...
Moderate | Unreviewed | CVE-2021-44147 was published | Nov 23, 2021
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
Moderate | Unreviewed | CVE-2021-3836 was published | Dec 15, 2021
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a...
Moderate | Unreviewed | CVE-2021-45096 was published | Dec 17, 2021
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file...
Moderate | Unreviewed | CVE-2021-44028 was published | Dec 23, 2021
Improper Restriction of XML External Entity Reference in Apache NiFi
Moderate | CVE-2020-13940 was published for org.apache.nifi:nifi (Maven) | Jan 6, 2022
XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Moderate | CVE-2022-0198 was published for edu.stanford.nlp:stanford-corenlp (Maven) | Jan 14, 2022
Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate | CVE-2022-0219 was published for io.github.skylot:jadx-core (Maven) | Jan 21, 2022
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14...
Moderate | Unreviewed | CVE-2022-23031 was published | Jan 26, 2022
Improper Restriction of XML External Entity Reference in trytond and proteus
Moderate | CVE-2022-26661 was published for proteus (pip) | Mar 11, 2022
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the...
Moderate | Unreviewed | CVE-2022-22835 was published | Mar 11, 2022