GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
224 advisories
Filter by severity
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin
High
CVE-2021-21656
was published
for
org.jenkins-ci.plugins:xcode-plugin
(Maven)
Mar 18, 2022
XML external entity (XXE) injection in Apache Nutch
Critical
CVE-2021-23901
was published
for
org.apache.nutch:nutch
(Maven)
Mar 18, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High
CVE-2022-27201
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Mar 16, 2022
Improper Restriction of XML External Entity Reference in Any23
Critical
CVE-2022-25312
was published
for
org.apache.any23:apache-any23
(Maven)
Mar 6, 2022
Improper Restriction of XML External Entity Reference in Liquibase
Critical
CVE-2022-0839
was published
for
org.liquibase:liquibase-core
(Maven)
Mar 5, 2022
XML External Entity Reference in Hazelcast
Critical
CVE-2022-0265
was published
for
com.hazelcast:hazelcast
(Maven)
Mar 4, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
High
CVE-2022-25209
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Improper Restriction of XML External Entity Reference in Magnolia CMS
High
CVE-2021-46365
was published
for
info.magnolia:magnolia-core
(Maven)
Feb 12, 2022
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2022-0239
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Jan 21, 2022
Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate
CVE-2022-0219
was published
for
io.github.skylot:jadx-core
(Maven)
Jan 21, 2022
XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Moderate
CVE-2022-0198
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Jan 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi
Moderate
CVE-2020-13940
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Improper Restriction of XML External Entity Reference in com.h2database:h2.
High
CVE-2021-23463
was published
for
com.h2database:h2
(Maven)
Dec 16, 2021
XML External Entity Reference in org.opencms:opencms-core
Moderate
CVE-2021-3312
was published
for
org.opencms:opencms-core
(Maven)
Oct 12, 2021
XML External Entity Reference in Apache Jena
High
CVE-2021-39239
was published
for
org.apache.jena:jena-core
(Maven)
Sep 20, 2021
XML Injection in Any23
Critical
CVE-2021-38555
was published
for
org.apache.any23:apache-any23
(Maven)
Sep 13, 2021
XML External Entity Reference
High
GHSA-7qfm-6m33-rgg9
was published
for
com.epam.reportportal:service-api
(Maven)
Aug 13, 2021
XML External Entity (XXE) Injection in JDOM
High
CVE-2021-33813
was published
for
org.jdom:jdom
(Maven)
Jul 27, 2021
XXE vulnerability in Jenkins Selenium HTML report Plugin
Moderate
CVE-2021-21672
was published
for
org.jenkins-ci.plugins:seleniumhtmlreport
(Maven)
Jul 2, 2021
XXE vulnerability in Launch import
High
CVE-2020-12642
was published
for
com.epam.reportportal:service-api
(Maven)
Jun 28, 2021
XXE vulnerability on Launch import with externally-defined DTD file
High
CVE-2021-29620
was published
for
com.epam.reportportal:service-api
(Maven)
Jun 28, 2021
Arbitrary code injection in json-sanitizer
Critical
CVE-2021-23899
was published
for
com.mikesamuel:json-sanitizer
(Maven)
Jun 16, 2021
Improper Restriction of XML External Entity Reference in MPXJ
Critical
CVE-2020-25020
was published
for
net.sf.mpxj:mpxj
(Maven)
May 7, 2021
ProTip!
Advisories are also available from the
GraphQL API