GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
722 advisories
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component...
Severity: High | Unreviewed | CVE-2018-7230 was published May 13, 2022

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope...
Severity: Critical | Unreviewed | CVE-2018-3881 was published May 13, 2022

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC...
Severity: High | Unreviewed | CVE-2017-16349 was published May 13, 2022

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2...
Severity: High | Unreviewed | CVE-2017-2815 was published May 13, 2022

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers...
Severity: High | Unreviewed | CVE-2021-27777 was published May 13, 2022

XML External Entity (XXE) vulnerability in the file based service provider creation feature of...
Severity: Critical | Unreviewed | CVE-2021-42646 was published May 12, 2022

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File...
Severity: Critical | Unreviewed | CVE-2022-22774 was published May 11, 2022

expat 2.1.0 and earlier does not properly handle entities expansion unless an application...
Severity: Moderate | Unreviewed | CVE-2013-0340 was published May 5, 2022

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection...
Severity: Critical | Unreviewed | CVE-2013-4333 was published May 5, 2022

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an...
Severity: High | Unreviewed | CVE-2022-20780 was published May 5, 2022

Talend Administration Center has a vulnerability that allows an authenticated user to use XML...
Severity: Moderate | Unreviewed | CVE-2022-29943 was published May 5, 2022

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice...
Severity: Moderate | Unreviewed | CVE-2012-0037 was published May 4, 2022

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service...
Severity: High | Unreviewed | CVE-2022-21949 was published May 4, 2022

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references...
Severity: Moderate | Unreviewed | CVE-2022-1331 was published May 4, 2022

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2...
Severity: High | Unreviewed | CVE-2009-1699 was published May 2, 2022

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to...
Severity: Moderate | Unreviewed | CVE-2005-1306 was published May 1, 2022

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML...
Severity: Moderate | Unreviewed | CVE-2016-9563 was published Apr 30, 2022

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF...
Severity: Critical | Unreviewed | CVE-2022-24449 was published Apr 29, 2022

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external...
Severity: High | Unreviewed | CVE-2012-1102 was published Apr 23, 2022

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External...
Severity: High | Unreviewed | CVE-2011-3600 was published Apr 22, 2022

The affected product is vulnerable to a network-based attack by threat actors supplying a crafted...
Severity: Moderate | Unreviewed | CVE-2021-43990 was published Apr 21, 2022

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
Severity: Moderate | Unreviewed | CVE-2022-0221 was published Apr 14, 2022

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that...
Severity: Critical | Unreviewed | CVE-2022-28219 was published Apr 6, 2022

When opening a malicious solution file provided by an attacker, the application suffers from an...
Severity: Moderate | Unreviewed | CVE-2022-1018 was published Apr 3, 2022

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA...
Severity: High | Unreviewed | CVE-2021-33208 was published Apr 1, 2022
ProTip! Advisories are also available from the GraphQL API.