GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
Ucum-java has an XXE vulnerability in XML parsing
High
CVE-2024-55887
was published
for
org.fhir:ucum
(Maven)
Dec 13, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
High
CVE-2024-52007
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Nov 8, 2024
HAPI FHIR XML External Entity (XXE) vulnerability
High
CVE-2024-51132
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Nov 5, 2024
DataEase has an XML External Entity Reference vulnerability
High
CVE-2024-46985
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
High
CVE-2023-48362
was published
for
org.apache.drill.exec:drill-java-exec
(Maven)
Jul 24, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
High
CVE-2024-38374
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Jun 24, 2024
Liferay Portal has an XXE vulnerability in Java2WsddTask._format
High
CVE-2024-25606
was published
for
com.liferay.portal:com.liferay.util.java
(Maven)
Feb 20, 2024
Jenkins MATLAB Plugin XML External Entity vulnerability
High
CVE-2023-49656
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
High
CVE-2023-41933
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Sep 6, 2023
Apache Ivy External Entity Reference vulnerability
High
CVE-2022-46751
was published
for
org.apache.ivy:ivy
(Maven)
Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability
High
CVE-2023-0871
was published
for
org.opennms.core:org.opennms.core.xml
(Maven)
Aug 11, 2023
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
High
CVE-2023-28685
was published
for
org.jenkins-ci.plugins:absint-a3
(Maven)
Jul 6, 2023
HuTool XML parsing module has blind XXE vulnerability
High
CVE-2023-3276
was published
for
cn.hutool:hutool-core
(Maven)
Jun 15, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28680
was published
for
org.jenkins-ci.plugins:crap4j
(Maven)
Apr 2, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28681
was published
for
org.jenkins-ci.plugins:vs-code-metrics
(Maven)
Apr 2, 2023
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28683
was published
for
org.jenkins-ci.plugins:phabricator-plugin
(Maven)
Apr 2, 2023
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
High
CVE-2023-28684
was published
for
com.sap.jenkinsci:remote-jobs-view-plugin
(Maven)
Apr 2, 2023
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28682
was published
for
org.jenkins-ci.plugins:perfpublisher
(Maven)
Apr 2, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
High
CVE-2023-27480
was published
for
org.xwiki.platform:xwiki-platform-xar-model
(Maven)
Mar 8, 2023
dd-plist XML External Entitly vulnerability
High
CVE-2016-15026
was published
for
com.googlecode.plist:dd-plist
(Maven)
Feb 20, 2023
XML External Entity Reference in ureport
High
CVE-2023-24187
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Feb 14, 2023
XML External Entity Reference in Apache NiFi
High
CVE-2023-22832
was published
for
org.apache.nifi:nifi-ccda-processors
(Maven)
Feb 10, 2023
Jenkins Plot Plugin XML External Entity Reference vulnerability
High
CVE-2022-46682
was published
for
org.jenkins-ci.plugins:plot
(Maven)
Dec 12, 2022
ProTip!
Advisories are also available from the
GraphQL API