Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

108 advisories

Loading
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Jenkins MATLAB Plugin XML External Entity vulnerability High
CVE-2023-49656 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability High
CVE-2023-41933 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability High
CVE-2023-0871 was published for org.opennms.core:org.opennms.core.xml (Maven) Aug 11, 2023
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability High
CVE-2023-28685 was published for org.jenkins-ci.plugins:absint-a3 (Maven) Jul 6, 2023
HuTool XML parsing module has blind XXE vulnerability High
CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28680 was published for org.jenkins-ci.plugins:crap4j (Maven) Apr 2, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28681 was published for org.jenkins-ci.plugins:vs-code-metrics (Maven) Apr 2, 2023
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28683 was published for org.jenkins-ci.plugins:phabricator-plugin (Maven) Apr 2, 2023
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks High
CVE-2023-28684 was published for com.sap.jenkinsci:remote-jobs-view-plugin (Maven) Apr 2, 2023
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28682 was published for org.jenkins-ci.plugins:perfpublisher (Maven) Apr 2, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference High
CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) Mar 8, 2023
dd-plist XML External Entitly vulnerability High
CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven) Feb 20, 2023
XML External Entity Reference in ureport High
CVE-2023-24187 was published for com.bstek.ureport:ureport2-core (Maven) Feb 14, 2023
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
Jenkins Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-46682 was published for org.jenkins-ci.plugins:plot (Maven) Dec 12, 2022
XXE vulnerability in Jenkins JAPEX Plugin High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API