Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference Critical
CVE-2025-4641 was published for io.github.bonigarcia:webdrivermanager (Maven) May 14, 2025
WSO2 API Manager XML External Entity (XXE) vulnerability Critical
CVE-2025-2905 was published for org.wso2.am:am-distribution-parent (Maven) May 5, 2025
XML External Entity Reference in Jenkins CCCC Plugin Critical
CVE-2022-45395 was published for com.thalesgroup.jenkins-ci.plugins:cccc (Maven) Nov 16, 2022
NotMyFault
XML external entity vulnerability on agents in Jenkins MSTest Plugin Critical
CVE-2023-24441 was published for org.jvnet.hudson.plugins:mstest (Maven) Jan 26, 2023
tfonfara
Lucee RCE/XXE Vulnerability Critical
CVE-2023-38693 was published for org.lucee:lucee (Maven) Mar 5, 2025
rootxharsh zspitzer
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for org.mule.modules:mule-apikit-module (Maven) May 24, 2022
binary-1024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Remote code execution occurs in Apache Solr Critical
CVE-2017-12629 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
Improper Restriction of XML External Entity Reference in pippo-core Critical
CVE-2018-20059 was published for ro.pippo:pippo-core (Maven) Dec 19, 2018
MarkLee131
java-xmlbuilder vulnerable to XML External Entity Reference Critical
CVE-2014-125087 was published for com.jamesmurty.utils:java-xmlbuilder (Maven) Feb 19, 2023
aXMLRPC XML External Entity vulnerability Critical
CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven) Jan 5, 2023
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
Apache is vulnerable to XXE in XSD validation processor Critical
CVE-2018-8027 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
bonita-connector-webservice XML External Entity vulnerability Critical
CVE-2020-36640 was published for org.bonitasoft.connectors:bonita-connector-webservice (Maven) Jan 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database