GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
Apache is vulnerable to XXE in XSD validation processor
Critical
CVE-2018-8027
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Critical
CVE-2018-15531
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Oct 17, 2018
Remote code execution occurs in Apache Solr
Critical
CVE-2017-12629
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Critical
CVE-2016-3720
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Eclipse RDF4j vulnerable to XML External Entitiy
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
Improper Restriction of XML External Entity Reference in pippo-core
Critical
CVE-2018-20059
was published
for
ro.pippo:pippo-core
(Maven)
Dec 19, 2018
XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
Critical
CVE-2018-1000820
was published
for
org.neo4j.procedure:apoc
(Maven)
Dec 20, 2018
XML External Entity (XXE) vulnerability in codelibs fess
Critical
CVE-2018-1000822
was published
for
org.codelibs.fess:fess
(Maven)
Dec 20, 2018
exist-db:exist-core XML External Entity (XXE) vulnerability
Critical
CVE-2018-1000823
was published
for
org.exist-db:exist-core
(Maven)
Dec 20, 2018
XML External Entity (XXE) vulnerability in bw-calendar-engine
Critical
CVE-2018-1000836
was published
for
org.bedework.caleng:bw-calendar-engine
(Maven)
Dec 20, 2018
XML External Entity (XXE) vulnerability in Square Retrofit
Critical
CVE-2018-1000844
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity Reference in mchange:c3p0
Critical
CVE-2018-20433
was published
for
com.mchange:c3p0
(Maven)
Jan 7, 2019
XML External Entity Reference in Apache Karaf
Critical
CVE-2018-11788
was published
for
org.apache.karaf.specs:org.apache.karaf.specs.java.xml
(Maven)
Jan 7, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
Critical
CVE-2019-3773
was published
for
org.springframework.ws:spring-ws
(Maven)
Jan 25, 2019
Vulnerability that affects org.apache.pdfbox:pdfbox
Critical
CVE-2019-0228
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jul 5, 2019
dom4j allows External Entities by default which might enable XXE attacks
Critical
CVE-2020-10683
was published
for
dom4j:dom4j
(Maven)
Jun 5, 2020
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
XXE attack in Mapfish Print
Critical
CVE-2020-15232
was published
for
org.mapfish.print:print-lib
(Maven)
Jul 7, 2020
Improper Restriction of XML External Entity Reference in MPXJ
Critical
CVE-2020-25020
was published
for
net.sf.mpxj:mpxj
(Maven)
May 7, 2021
Arbitrary code injection in json-sanitizer
Critical
CVE-2021-23899
was published
for
com.mikesamuel:json-sanitizer
(Maven)
Jun 16, 2021
XML Injection in Any23
Critical
CVE-2021-38555
was published
for
org.apache.any23:apache-any23
(Maven)
Sep 13, 2021
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2022-0239
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Jan 21, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
XML External Entity Reference in Hazelcast
Critical
CVE-2022-0265
was published
for
com.hazelcast:hazelcast
(Maven)
Mar 4, 2022
ProTip!
Advisories are also available from the
GraphQL API