GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,990
Composer 4,293
Erlang 31
GitHub Actions 21
Go 2,061
Maven 5,239
npm 3,744
NuGet 668
pip 3,423
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,556

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

322 advisories

Filter by severity

Sort by

Least recently updated

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to... Moderate Unreviewed

CVE-2020-29436 was published May 24, 2022

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line... Moderate Unreviewed

CVE-2022-37911 was published Dec 12, 2022

IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE... Moderate Unreviewed

CVE-2020-4606 was published May 24, 2022

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists... Moderate Unreviewed

CVE-2020-35123 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF... Moderate Unreviewed

CVE-2020-15772 was published May 24, 2022

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed

CVE-2020-24591 was published May 24, 2022

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an... Moderate Unreviewed

CVE-2020-12025 was published May 24, 2022

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability... Moderate Unreviewed

CVE-2017-10617 was published May 13, 2022

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom... Moderate Unreviewed

CVE-2022-46827 was published Dec 8, 2022

Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ... Moderate Unreviewed

CVE-2022-38342 was published Sep 14, 2022

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed

CVE-2022-45194 was published Nov 12, 2022

Improper Restriction of XML External Entity Reference in Apache POI Moderate

CVE-2019-12415 was published for org.apache.poi:poi (Maven) May 24, 2022

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files... Moderate Unreviewed

CVE-2019-17637 was published May 24, 2022

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the... Moderate Unreviewed

CVE-2020-6238 was published May 24, 2022

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0... Moderate Unreviewed

CVE-2016-0284 was published May 17, 2022

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML... Moderate Unreviewed

CVE-2016-5749 was published May 17, 2022

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read... Moderate Unreviewed

CVE-2017-6344 was published May 17, 2022

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously. Moderate Unreviewed

CVE-2022-34001 was published Jul 20, 2022

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote... Moderate Unreviewed

CVE-2015-7743 was published May 17, 2022

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Moderate Unreviewed

CVE-2016-4931 was published May 17, 2022

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access... Moderate Unreviewed

CVE-2016-5748 was published May 17, 2022

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity ... Moderate Unreviewed

CVE-2017-8056 was published May 17, 2022

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager... Moderate Unreviewed

CVE-2017-9295 was published May 17, 2022

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to... Moderate Unreviewed

CVE-2017-2308 was published May 17, 2022

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an... Moderate Unreviewed

CVE-2016-0254 was published May 17, 2022

Previous 1 2 … 9 10 11 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

322 advisories