GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed (5,000+), Composer (4,293), Erlang (31), GitHub Actions (21), Go (2,061), Maven (5,000+), npm (3,744), NuGet (668), pip (3,423), Pub (12), RubyGems (892), Rust (875), Swift (36)
Unreviewed advisories: All unreviewed (5,000+)
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
240 advisories
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling...
Moderate, Unreviewed. CVE-2022-2838 was published Aug 17, 2022

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's...
Moderate, Unreviewed. CVE-2020-14379 was published Aug 17, 2022

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
Moderate, Unreviewed. CVE-2022-34001 was published Jul 20, 2022

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote...
Moderate, Unreviewed. CVE-2021-20839 was published May 24, 2022

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML...
Moderate, Unreviewed. CVE-2021-20801 was published May 24, 2022

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE...
Moderate, Unreviewed. CVE-2021-40439 was published May 24, 2022

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate, Unreviewed. CVE-2021-34706 was published May 24, 2022

NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.
Moderate, Unreviewed. CVE-2021-35201 was published May 24, 2022

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior...
Moderate, Unreviewed. CVE-2021-31842 was published May 24, 2022

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto...
Moderate, Unreviewed. CVE-2021-3055 was published May 24, 2022

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML...
Moderate, Unreviewed. CVE-2021-37178 was published May 24, 2022

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <...
Moderate, Unreviewed. CVE-2020-26564 was published May 24, 2022

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file...
Moderate, Unreviewed. CVE-2021-32972 was published May 24, 2022

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not...
Moderate, Unreviewed. CVE-2021-22338 was published May 24, 2022

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external...
Moderate, Unreviewed. CVE-2021-28684 was published May 24, 2022

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker...
Moderate, Unreviewed. CVE-2021-27635 was published May 24, 2022

When opening a specially crafted 3DXML file, the application containing Datakit Software...
Moderate, Unreviewed. CVE-2021-27492 was published May 24, 2022

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE)...
Moderate, Unreviewed. CVE-2020-36124 was published May 24, 2022

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could...
Moderate, Unreviewed. CVE-2021-1369 was published May 24, 2022

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform...
Moderate, Unreviewed. CVE-2021-25164 was published May 24, 2022

An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura...
Moderate, Unreviewed. CVE-2020-7035 was published May 24, 2022

An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated,...
Moderate, Unreviewed. CVE-2020-7036 was published May 24, 2022

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or...
Moderate, Unreviewed. CVE-2021-27736 was published May 24, 2022

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP...
Moderate, Unreviewed. CVE-2021-27604 was published May 24, 2022

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build...
Moderate, Unreviewed. CVE-2021-28973 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.