GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
995 advisories
Filter by severity
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
XXE vulnerability in Jenkins Selenium HTML report Plugin
Moderate
CVE-2021-21672
was published
for
org.jenkins-ci.plugins:seleniumhtmlreport
(Maven)
Jul 2, 2021
XXE vulnerability in Launch import
High
CVE-2020-12642
was published
for
com.epam.reportportal:service-api
(Maven)
Jun 28, 2021
XXE vulnerability on Launch import with externally-defined DTD file
High
CVE-2021-29620
was published
for
com.epam.reportportal:service-api
(Maven)
Jun 28, 2021
Arbitrary code injection in json-sanitizer
Critical
CVE-2021-23899
was published
for
com.mikesamuel:json-sanitizer
(Maven)
Jun 16, 2021
Improper Restriction of XML External Entity Reference in MPXJ
Critical
CVE-2020-25020
was published
for
net.sf.mpxj:mpxj
(Maven)
May 7, 2021
Improper Restriction of XML External Entity Reference in pikepdf
High
CVE-2021-29421
was published
for
pikepdf
(pip)
Apr 20, 2021
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28736
was published
for
Plone
(pip)
Apr 7, 2021
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28734
was published
for
Plone
(pip)
Apr 7, 2021
XML External Entity (XXE) Injection in Jackson Databind
High
CVE-2020-25649
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Feb 18, 2021
XML External Entity attack in log4net
Critical
CVE-2018-1285
was published
for
log4net
(NuGet)
Jan 29, 2021
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability
Moderate
CVE-2020-26247
was published
for
nokogiri
(RubyGems)
Dec 30, 2020
XML External Entity in Dashboard Widget
Low
CVE-2020-26229
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Authenticated XML External Entity Processing
Moderate
GHSA-8xv9-qcr9-ww9j
was published
for
shopware/core
(Composer)
Oct 19, 2020
XXE in Apache Standard Taglibs
High
CVE-2015-0254
was published
for
org.apache.taglibs:taglibs-standard
(Maven)
Sep 14, 2020
XXE attack in Mapfish Print
Critical
CVE-2020-15232
was published
for
org.mapfish.print:print-lib
(Maven)
Jul 7, 2020
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
dom4j allows External Entities by default which might enable XXE attacks
Critical
CVE-2020-10683
was published
for
dom4j:dom4j
(Maven)
Jun 5, 2020
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
High
CVE-2019-10172
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
Feb 4, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate
CVE-2019-17554
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Apache NiFi information disclosure by XXE
Moderate
CVE-2019-10080
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
ProTip!
Advisories are also available from the
GraphQL API