GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
470 advisories
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2020-4949
was published
May 24, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected...
High
Unreviewed
CVE-2020-27858
was published
May 24, 2022
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management ...
High
Unreviewed
CVE-2021-22498
was published
May 24, 2022
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX...
High
Unreviewed
CVE-2020-27148
was published
May 24, 2022
XXE vulnerability in Jenkins CVS Plugin
High
CVE-2020-2324
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
May 24, 2022
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in...
High
Unreviewed
CVE-2020-7572
was published
May 24, 2022
Improper Restriction of XML External Entity Reference in subsystem for Intel(R) Quartus(R) Prime...
High
Unreviewed
CVE-2020-24454
was published
May 24, 2022
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse...
High
Unreviewed
CVE-2020-15352
was published
May 24, 2022
XXE vulnerability in Jenkins Liquibase Runner Plugin
High
CVE-2020-2284
was published
for
org.jenkins-ci.plugins:liquibase-runner
(Maven)
May 24, 2022
DotPlant2 Improper Restriction of XML External Entity Reference
High
CVE-2020-25750
was published
for
devgroup/dotplant
(Composer)
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High
Unreviewed
CVE-2020-25257
was published
May 24, 2022
XXE vulnerability in Jenkins Klocwork Analysis Plugin
High
CVE-2020-2247
was published
for
org.jenkins-ci.plugins:klocwork
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Valgrind Plugin
High
CVE-2020-2245
was published
for
org.jenkins-ci.plugins:valgrind
(Maven)
May 24, 2022
OpenStack Nova Live migration fails to update persistent domain XML
High
CVE-2020-17376
was published
for
nova
(pip)
May 24, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected...
High
Unreviewed
CVE-2020-15419
was published
May 24, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected...
High
Unreviewed
CVE-2020-15418
was published
May 24, 2022
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin...
High
Unreviewed
CVE-2020-11885
was published
May 24, 2022
XXE vulnerability in Jenkins Parasoft Findings Plugin
High
CVE-2020-2178
was published
for
com.parasoft:parasoft-findings
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
XXE vulnerability in Jenkins RapidDeploy Plugin
High
CVE-2020-2171
was published
for
org.jenkins-ci.plugins:rapiddeploy-jenkins
(Maven)
May 24, 2022
Oxygen XML Editor 21.1.1 allows XXE to read any file.
High
Unreviewed
CVE-2019-20191
was published
May 24, 2022
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07...
High
Unreviewed
CVE-2020-8540
was published
May 24, 2022
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30,...
High
Unreviewed
CVE-2020-6202
was published
May 24, 2022
XXE vulnerability in Jenkins Cobertura Plugin
High
CVE-2020-2138
was published
for
org.jenkins-ci.plugins:cobertura
(Maven)
May 24, 2022
XXE vulnerability in Rundeck Plugin
High
CVE-2020-2144
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022