Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

244 advisories

Loading
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference Critical
CVE-2025-4641 was published for io.github.bonigarcia:webdrivermanager (Maven) May 14, 2025
WSO2 API Manager XML External Entity (XXE) vulnerability Critical
CVE-2025-2905 was published for org.wso2.am:am-distribution-parent (Maven) May 5, 2025
XXE vulnerability in Jenkins JAPEX Plugin High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
NotMyFault
XML External Entity Reference in Jenkins CCCC Plugin Critical
CVE-2022-45395 was published for com.thalesgroup.jenkins-ci.plugins:cccc (Maven) Nov 16, 2022
NotMyFault
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
XML external entity vulnerability on agents in Jenkins MSTest Plugin Critical
CVE-2023-24441 was published for org.jvnet.hudson.plugins:mstest (Maven) Jan 26, 2023
tfonfara
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection Moderate
CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI Moderate
CVE-2015-5319 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-47qw-ccjm-9c2c was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API Moderate
GHSA-v232-254c-m6p7 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-2466-4485-4pxj was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
Lucee RCE/XXE Vulnerability Critical
CVE-2023-38693 was published for org.lucee:lucee (Maven) Mar 5, 2025
rootxharsh zspitzer
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
paradoxengine
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for org.mule.modules:mule-apikit-module (Maven) May 24, 2022
binary-1024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
Ucum-java has an XXE vulnerability in XML parsing High
CVE-2024-55887 was published for org.fhir:ucum (Maven) Dec 13, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Liferay Portal has an XXE vulnerability in Java2WsddTask._format High
CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database