Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

249 advisories

Loading
corenlp is vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2022-0239 was published for edu.stanford.nlp:stanford-corenlp (Maven) Jan 21, 2022
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML... Critical Unreviewed
CVE-2021-40722 was published Jan 14, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ... Critical Unreviewed
CVE-2017-14759 was published May 17, 2022
XML external entity (XXE) vulnerability in the import package functionality of the deployment... Critical Unreviewed
CVE-2017-13706 was published May 17, 2022
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote... Critical Unreviewed
CVE-2014-9487 was published May 17, 2022
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image... Critical Unreviewed
CVE-2017-14101 was published May 14, 2022
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17... Critical Unreviewed
CVE-2014-3244 was published May 14, 2022
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the... Critical Unreviewed
CVE-2017-7375 was published May 14, 2022
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center,... Critical Unreviewed
CVE-2018-6489 was published May 14, 2022
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1,... Critical Unreviewed
CVE-2014-3005 was published May 14, 2022
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000124 was published May 14, 2022
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine... Critical Unreviewed
CVE-2022-1700 was published Sep 13, 2022
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2)... Critical Unreviewed
CVE-2014-0931 was published May 14, 2022
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000614 was published May 14, 2022
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions... Critical Unreviewed
CVE-2018-1183 was published May 14, 2022
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote... Critical Unreviewed
CVE-2018-11586 was published May 14, 2022
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000616 was published May 14, 2022
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version... Critical Unreviewed
CVE-2017-3208 was published May 14, 2022
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Critical Unreviewed
CVE-2015-7241 was published May 14, 2022
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5... Critical Unreviewed
CVE-2018-11640 was published May 14, 2022
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external... Critical Unreviewed
CVE-2018-14473 was published May 14, 2022
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Critical Unreviewed
CVE-2015-7326 was published May 14, 2022
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13415 was published May 14, 2022
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13417 was published May 14, 2022
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML... Critical Unreviewed
CVE-2018-1000652 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database