Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

249 advisories

Loading
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15... Critical Unreviewed
CVE-2018-13826 was published May 13, 2022
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and... Critical Unreviewed
CVE-2018-16792 was published May 13, 2022
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information,... Critical Unreviewed
CVE-2016-2908 was published May 13, 2022
Improper Restriction of XML External Entity Reference in Apace Derby Critical
CVE-2015-1832 was published for org.apache.derby:derby (Maven) May 13, 2022
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting... Critical Unreviewed
CVE-2017-1000497 was published May 13, 2022
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17... Critical Unreviewed
CVE-2018-12463 was published May 13, 2022
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity... Critical Unreviewed
CVE-2016-9180 was published May 13, 2022
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht... Critical Unreviewed
CVE-2017-8110 was published May 13, 2022
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External... Critical Unreviewed
CVE-2016-9924 was published May 13, 2022
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway... Critical Unreviewed
CVE-2017-9458 was published May 13, 2022
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8... Critical Unreviewed
CVE-2018-10653 was published May 13, 2022
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2... Critical Unreviewed
CVE-2014-3630 was published May 13, 2022
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000828 was published May 13, 2022
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro... Critical Unreviewed
CVE-2018-6486 was published May 13, 2022
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External... Critical Unreviewed
CVE-2018-1821 was published May 13, 2022
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External... Critical Unreviewed
CVE-2018-1727 was published May 13, 2022
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the... Critical Unreviewed
CVE-2018-10600 was published May 13, 2022
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is... Critical Unreviewed
CVE-2017-7464 was published May 13, 2022
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable... Critical Unreviewed
CVE-2017-7465 was published May 13, 2022
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE)... Critical Unreviewed
CVE-2017-7426 was published May 13, 2022
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version... Critical Unreviewed
CVE-2017-3206 was published May 13, 2022
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. Critical Unreviewed
CVE-2015-9280 was published May 13, 2022
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing... Critical Unreviewed
CVE-2018-1000639 was published May 13, 2022
KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx... Critical Unreviewed
CVE-2018-1000835 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database