GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
55 advisories
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate • CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) • Oct 9, 2024

ClassGraph XML External Entity Reference
Moderate • CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) • Jun 21, 2024

codehaus-plexus vulnerable to XML injection
Moderate • CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) • Sep 25, 2023

Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate • CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) • Apr 9, 2024

Improper Restriction of XML External Entity Reference in Apache POI
Moderate • CVE-2014-3529 was published for org.apache.poi:poi (Maven) • May 17, 2022

Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate • CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) • May 17, 2022

XML external entity expansion in org.apache.solr:solr-core
Moderate • CVE-2018-8026 was published for org.apache.solr:solr-core (Maven) • Oct 17, 2018

There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Moderate • CVE-2018-8010 was published for org.apache.solr:solr-core (Maven) • Oct 17, 2018

Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate • CVE-2018-12544 was published for io.vertx:vertx-core (Maven) • Oct 17, 2018

Apache Ambari XML External Entity injection
Moderate • CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) • Feb 27, 2024

Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Moderate • CVE-2023-41932 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) • Sep 6, 2023

XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
Moderate • CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) • May 14, 2022

Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
Moderate • CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) • Jan 9, 2024

Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Moderate • CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) • Jan 9, 2024

XXE vulnerability in Jenkins Subversion Plugin
Moderate • CVE-2020-2304 was published for org.jenkins-ci.plugins:subversion (Maven) • May 24, 2022

Apache Camel XML External Entity vulnerability
Moderate • CVE-2015-0263 was published for org.apache.camel:camel-core (Maven) • Oct 16, 2018

WSO2 products vulnerable to XML External Entity attack
Moderate • CVE-2023-6836 was published for org.wso2.am:wso2am (Maven) • Dec 15, 2023

XXE vulnerability in Jenkins Visualworks Store Plugin
Moderate • CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) • May 24, 2022

XXE vulnerability in Jenkins Mercurial Plugin
Moderate • CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) • May 24, 2022

Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Moderate • GHSA-cc4w-3cff-j8fw was published for org.eclipse.platform:eclipse.platform (Maven) • Nov 9, 2023 • withdrawn

Esoteric YamlBeans XML Entity Expansion vulnerability
Moderate • CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) • Aug 25, 2023

DDFFileParser is vulnerable to XXE Attacks
Moderate • CVE-2023-41034 was published for org.eclipse.leshan:leshan-core (Maven) • Aug 31, 2023

Jenkins External Monitor Job Type Plugin XML external entity vulnerability
Moderate • CVE-2023-37942 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) • Jul 12, 2023

XML External Entity Reference in Jenkins Violations Plugin
Moderate • CVE-2022-45386 was published for org.jenkins-ci.plugins:violations (Maven) • Nov 16, 2022

XXE vulnerability in Jenkins pom2config Plugin
Moderate • CVE-2021-43576 was published for org.jenkins-ci.plugins:pom2config (Maven) • May 24, 2022