Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

322 advisories

Loading
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior... Moderate Unreviewed
CVE-2018-0207 was published May 13, 2022
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior... Moderate Unreviewed
CVE-2018-0218 was published May 13, 2022
Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability Moderate
CVE-2016-5000 was published for org.apache.poi:poi-examples (Maven) May 13, 2022
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML... Moderate Unreviewed
CVE-2016-3027 was published May 13, 2022
Moodle Arbitrary File Read via XML External Entity vulnerability Moderate
CVE-2014-3543 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote... Moderate Unreviewed
CVE-2018-10077 was published May 13, 2022
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows... Moderate Unreviewed
CVE-2017-11457 was published May 13, 2022
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x... Moderate Unreviewed
CVE-2017-8040 was published May 13, 2022
Improper Restriction of XML External Entity Reference in Castor Moderate
CVE-2014-3004 was published for org.codehaus.castor:castor (Maven) May 13, 2022
expat 2.1.0 and earlier does not properly handle entities expansion unless an application... Moderate Unreviewed
CVE-2013-0340 was published May 5, 2022
Talend Administration Center has a vulnerability that allows an authenticated user to use XML... Moderate Unreviewed
CVE-2022-29943 was published May 5, 2022
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice... Moderate Unreviewed
CVE-2012-0037 was published May 4, 2022
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references... Moderate Unreviewed
CVE-2022-1331 was published May 4, 2022
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to... Moderate Unreviewed
CVE-2005-1306 was published May 1, 2022
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML... Moderate Unreviewed
CVE-2016-9563 was published Apr 30, 2022
Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml Moderate
CVE-2022-24898 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 28, 2022
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted... Moderate Unreviewed
CVE-2021-43990 was published Apr 21, 2022
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2022-0221 was published Apr 14, 2022
When opening a malicious solution file provided by an attacker, the application suffers from an... Moderate Unreviewed
CVE-2022-1018 was published Apr 3, 2022
Improper Restriction of XML External Entity Reference in wutka jox Moderate
CVE-2021-43142 was published for com.wutka:jox (Maven) Apr 1, 2022
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed
CVE-2022-0861 was published Mar 24, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the... Moderate Unreviewed
CVE-2022-22835 was published Mar 11, 2022
Improper Restriction of XML External Entity Reference in trytond and proteus Moderate
CVE-2022-26661 was published for proteus (pip) Mar 11, 2022
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14... Moderate Unreviewed
CVE-2022-23031 was published Jan 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database