Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

108 advisories

Loading
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request High
CVE-2017-14949 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
tdunlap607
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider High
CVE-2017-14868 was published for org.restlet.jse:org.restlet.ext.jaxrs (Maven) Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High
CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
High severity vulnerability that affects org.apache.tika:tika-core High
CVE-2018-11761 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references High
CVE-2018-1259 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr High
CVE-2018-1308 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore High
CVE-2016-4216 was published for com.adobe.xmp:xmpcore (Maven) Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE) High
CVE-2018-1307 was published for org.apache.juddi:juddi-client (Maven) Oct 19, 2018
Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
Improper Restriction of XML External Entity Reference in DiffPlug Spotless High
CVE-2019-9843 was published for com.diffplug.spotless:spotless-maven-plugin (Maven) Jul 5, 2019
Improper Restriction of XML External Entity Reference in jackson-mapper-asl High
CVE-2019-10172 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) Feb 4, 2020
XXE in Apache Standard Taglibs High
CVE-2015-0254 was published for org.apache.taglibs:taglibs-standard (Maven) Sep 14, 2020
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
XXE vulnerability on Launch import with externally-defined DTD file High
CVE-2021-29620 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XXE vulnerability in Launch import High
CVE-2020-12642 was published for com.epam.reportportal:service-api (Maven) Jun 28, 2021
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
XML External Entity Reference in Apache Jena High
CVE-2021-39239 was published for org.apache.jena:jena-core (Maven) Sep 20, 2021
Improper Restriction of XML External Entity Reference in com.h2database:h2. High
CVE-2021-23463 was published for com.h2database:h2 (Maven) Dec 16, 2021
mprins
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database