Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
Ucum-java has an XXE vulnerability in XML parsing High
CVE-2024-55887 was published for org.fhir:ucum (Maven) Dec 13, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Liferay Portal has an XXE vulnerability in Java2WsddTask._format High
CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) Feb 20, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability Moderate
CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) Oct 9, 2024
westonsteimel
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations Low
GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
uriyay-jfrog joakime
chadlwilson timtebeek
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
ClassGraph XML External Entity Reference Moderate
CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) Jun 21, 2024
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin High
CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) May 24, 2022
secjoker
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database