Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
DDFFileParser is vulnerable to XXE Attacks Moderate
CVE-2023-41034 was published for org.eclipse.leshan:leshan-core (Maven) Aug 31, 2023
JaroslawLegierski
Esoteric YamlBeans XML Entity Expansion vulnerability Moderate
CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability High
CVE-2023-0871 was published for org.opennms.core:org.opennms.core.xml (Maven) Aug 11, 2023
Jenkins External Monitor Job Type Plugin XML external entity vulnerability Moderate
CVE-2023-37942 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) Jul 12, 2023
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations Low
GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
uriyay-jfrog joakime
chadlwilson timtebeek
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability High
CVE-2023-28685 was published for org.jenkins-ci.plugins:absint-a3 (Maven) Jul 6, 2023
HuTool XML parsing module has blind XXE vulnerability High
CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28680 was published for org.jenkins-ci.plugins:crap4j (Maven) Apr 2, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28681 was published for org.jenkins-ci.plugins:vs-code-metrics (Maven) Apr 2, 2023
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28683 was published for org.jenkins-ci.plugins:phabricator-plugin (Maven) Apr 2, 2023
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28682 was published for org.jenkins-ci.plugins:perfpublisher (Maven) Apr 2, 2023
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks High
CVE-2023-28684 was published for com.sap.jenkinsci:remote-jobs-view-plugin (Maven) Apr 2, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference High
CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) Mar 8, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
GHSA-9vx8-f5c4-862x was published for org.neo4j.procedure:apoc (Maven) Feb 24, 2023
dd-plist XML External Entitly vulnerability High
CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven) Feb 20, 2023
java-xmlbuilder vulnerable to XML External Entity Reference Critical
CVE-2014-125087 was published for com.jamesmurty.utils:java-xmlbuilder (Maven) Feb 19, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
CVE-2023-23926 was published for org.neo4j.procedure:apoc-core (Maven) Feb 16, 2023
Lojjs
XML External Entity Reference in ureport High
CVE-2023-24187 was published for com.bstek.ureport:ureport2-core (Maven) Feb 14, 2023
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24429 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2016-15011 was published for be.e_contract.dssp:dssp-client (Maven) Jan 6, 2023
bonita-connector-webservice XML External Entity vulnerability Critical
CVE-2020-36640 was published for org.bonitasoft.connectors:bonita-connector-webservice (Maven) Jan 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database