Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,425
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

469 advisories

Loading
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system... High Unreviewed
CVE-2021-40510 was published Jun 22, 2022
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <... High Unreviewed
CVE-2022-32285 was published Jun 15, 2022
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access... High Unreviewed
CVE-2022-31447 was published Jun 15, 2022
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful... High Unreviewed
CVE-2022-31261 was published May 25, 2022
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)... High Unreviewed
CVE-2022-22977 was published May 25, 2022
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin High
CVE-2019-10327 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
westonsteimel
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin High
CVE-2021-43577 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) May 24, 2022
NotMyFault
An improper restriction of XML external entity reference vulnerability in the parser of XML... High Unreviewed
CVE-2021-36172 was published May 24, 2022
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote... High Unreviewed
CVE-2021-20838 was published May 24, 2022
Improper Restriction of XML External Entity Reference in Stanford CoreNLP High
CVE-2021-3869 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which... High Unreviewed
CVE-2020-19954 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows... High Unreviewed
CVE-2021-40500 was published May 24, 2022
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO... High Unreviewed
CVE-2021-35496 was published May 24, 2022
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE... High Unreviewed
CVE-2021-41770 was published May 24, 2022
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an... High Unreviewed
CVE-2021-29831 was published May 24, 2022
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application... High Unreviewed
CVE-2021-30137 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40356 was published May 24, 2022
XXE vulnerability in Jenkins Nested View Plugin High
CVE-2021-21680 was published for org.jenkins-ci.plugins:nested-view (Maven) May 24, 2022
NotMyFault
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). High Unreviewed
CVE-2021-38584 was published May 24, 2022
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component... High Unreviewed
CVE-2021-1630 was published May 24, 2022
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7... High Unreviewed
CVE-2021-22523 was published May 24, 2022
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data... High Unreviewed
CVE-2019-3752 was published May 24, 2022
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air... High Unreviewed
CVE-2021-20595 was published May 24, 2022
An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. High Unreviewed
CVE-2021-30201 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack... High Unreviewed
CVE-2019-4730 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database