Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Jenkins MATLAB Plugin XML External Entity vulnerability High
CVE-2023-49656 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability High
CVE-2023-41933 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability High
CVE-2023-0871 was published for org.opennms.core:org.opennms.core.xml (Maven) Aug 11, 2023
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability High
CVE-2023-28685 was published for org.jenkins-ci.plugins:absint-a3 (Maven) Jul 6, 2023
HuTool XML parsing module has blind XXE vulnerability High
CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28681 was published for org.jenkins-ci.plugins:vs-code-metrics (Maven) Apr 2, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28680 was published for org.jenkins-ci.plugins:crap4j (Maven) Apr 2, 2023
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28682 was published for org.jenkins-ci.plugins:perfpublisher (Maven) Apr 2, 2023
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28683 was published for org.jenkins-ci.plugins:phabricator-plugin (Maven) Apr 2, 2023
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks High
CVE-2023-28684 was published for com.sap.jenkinsci:remote-jobs-view-plugin (Maven) Apr 2, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference High
CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) Mar 8, 2023
dd-plist XML External Entitly vulnerability High
CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven) Feb 20, 2023
XML External Entity Reference in ureport High
CVE-2023-24187 was published for com.bstek.ureport:ureport2-core (Maven) Feb 14, 2023
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi (Maven) Feb 10, 2023
Jenkins Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-46682 was published for org.jenkins-ci.plugins:plot (Maven) Dec 12, 2022
XXE vulnerability in Jenkins JAPEX Plugin High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP High
CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API