Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

722 advisories

Loading
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 Critical Unreviewed
CVE-2018-15362 was published May 14, 2022
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows... Moderate Unreviewed
CVE-2018-20233 was published May 14, 2022
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE)... Moderate Unreviewed
CVE-2018-1000840 was published May 14, 2022
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man... Critical Unreviewed
CVE-2018-1000829 was published May 14, 2022
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability... High Unreviewed
CVE-2018-1000889 was published May 14, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against... High Unreviewed
CVE-2018-19858 was published May 14, 2022
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2018-9116 was published May 14, 2022
An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x... High Unreviewed
CVE-2017-5828 was published May 14, 2022
Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed
CVE-2019-5918 was published May 14, 2022
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a... Moderate Unreviewed
CVE-2019-0265 was published May 14, 2022
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML... Moderate Unreviewed
CVE-2019-0277 was published May 14, 2022
An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or... High Unreviewed
CVE-2019-9761 was published May 14, 2022
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. High Unreviewed
CVE-2017-1000021 was published May 14, 2022
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML... Moderate Unreviewed
CVE-2018-1000069 was published May 14, 2022
Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. High Unreviewed
CVE-2019-3481 was published May 14, 2022
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows... Moderate Unreviewed
CVE-2017-8557 was published May 14, 2022
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from... Moderate Unreviewed
CVE-2017-18110 was published May 14, 2022
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before... High Unreviewed
CVE-2017-18111 was published May 14, 2022
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items... High Unreviewed
CVE-2017-9362 was published May 14, 2022
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of... Moderate Unreviewed
CVE-2019-8997 was published May 14, 2022
XXE issue in Airsonic before 10.1.2 during parse. Critical Unreviewed
CVE-2018-20222 was published May 14, 2022
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2019-0756 was published May 14, 2022
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2019-0790 was published May 14, 2022
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2019-0793 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database