GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
467 advisories
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable...
High
Unreviewed
CVE-2021-27184 was published May 24, 2022
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform...
High
Unreviewed
CVE-2021-25163 was published May 24, 2022
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager...
High
Unreviewed
CVE-2021-29140 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server...
High
Unreviewed
CVE-2021-1530 was published May 24, 2022
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.
High
Unreviewed
CVE-2021-30006 was published May 24, 2022
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity...
High
Unreviewed
CVE-2021-22140 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack...
High
Unreviewed
CVE-2020-4300 was published May 24, 2022
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote...
High
Unreviewed
CVE-2022-3340 was published Nov 4, 2022
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input,...
High
Unreviewed
CVE-2020-6590 was published May 24, 2022
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform...
High
Unreviewed
CVE-2021-25165 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML...
High
Unreviewed
CVE-2021-20492 was published May 24, 2022
An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6.
High
Unreviewed
CVE-2021-30201 was published May 24, 2022
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air...
High
Unreviewed
CVE-2021-20595 was published May 24, 2022
XML External Entity Reference in org.picketlink:picketlink-common
High
CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) May 14, 2022
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data...
High
Unreviewed
CVE-2019-3752 was published May 24, 2022
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7...
High
Unreviewed
CVE-2021-22523 was published May 24, 2022
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can...
High
Unreviewed
CVE-2022-40304 was published Nov 23, 2022
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient...
High
Unreviewed
CVE-2022-32458 was published Jul 21, 2022
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec...
High
Unreviewed
CVE-2022-25628 was published Dec 21, 2022
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component...
High
Unreviewed
CVE-2021-1630 was published May 24, 2022
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
High
Unreviewed
CVE-2021-38584 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High
Unreviewed
CVE-2021-40356 was published May 24, 2022
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application...
High
Unreviewed
CVE-2021-30137 was published May 24, 2022
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an...
High
Unreviewed
CVE-2021-29831 was published May 24, 2022
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE...
High
Unreviewed
CVE-2021-41770 was published May 24, 2022