GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
371 advisories
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low
GHSA-58qw-p7qm-5rvh
was published
for
org.eclipse.jetty:jetty-xml
(Maven)
Jul 10, 2023
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
High
CVE-2026-24400
was published
for
org.assertj:assertj-core
(Maven)
Jan 26, 2026
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
High
CVE-2024-52807
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
Eclipse JGit XML External Entity (XXE) Vulnerability
Moderate
CVE-2025-4949
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
May 21, 2025
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
High
CVE-2025-58360
was published
for
org.geoserver.web:gs-web-app
(Maven)
Nov 25, 2025
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
High
CVE-2025-64518
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Nov 10, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical
CVE-2025-54988
was published
for
org.apache.tika:tika-parser-pdf-module
(Maven)
Aug 20, 2025
Eclipse RDF4j vulnerable to XML External Entity
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing
High
CVE-2025-6985
was published
for
langchain-text-splitters
(pip)
Oct 6, 2025
XML External Entity (XXE) Injection in JDOM
High
CVE-2021-33813
was published
for
org.jdom:jdom
(Maven)
Jul 27, 2021
ProTip!
Advisories are also available from the
GraphQL API