GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

139 advisories

jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
High severity vulnerability that affects org.apache.tika:tika-core High
CVE-2018-11761 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-0765 was published for System.Security.Cryptography.Xml (NuGet) Oct 16, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High
CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore High
CVE-2016-4216 was published for com.adobe.xmp:xmpcore (Maven) Oct 19, 2018
Pysaml2 does not sanitize XML responses High
CVE-2016-10149 was published for pysaml2 (pip) Jul 16, 2018
Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE) High
CVE-2018-1307 was published for org.apache.juddi:juddi-client (Maven) Oct 19, 2018
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
Inline DTD allows XML bomb attack High
CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022
XXE vulnerability in Jenkins Flaky Test Handler Plugin High
CVE-2022-28140 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) Mar 30, 2022
XML External Entity Reference in detekt High
CVE-2022-0272 was published for io.gitlab.arturbosch.detekt:detekt-core (Maven) Apr 22, 2022
Improper Restriction of XML External Entity Reference in Apache Batik High
CVE-2017-5662 was published for org.apache.xmlgraphics:batik (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in PMD High
CVE-2019-7722 was published for net.sourceforge.pmd:pmd-core (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin High
CVE-2018-1000056 was published for org.jenkins-ci.plugins:junit (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache FOP High
CVE-2017-5661 was published for org.apache.xmlgraphics:fop (Maven) May 13, 2022
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
Improper Restriction of XML External Entity Reference in Apache Solr High
CVE-2012-6612 was published for org.apache.solr:solr-core (Maven) May 17, 2022
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
Improper Restriction of XML External Entity Reference in Stanford CoreNLP High
CVE-2021-3869 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
Improper Restriction of XML External Entity Reference in Openpyxl High
CVE-2017-5992 was published for openpyxl (pip) May 17, 2022
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP High
CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022