GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,244
Composer 5,234
Erlang 40
GitHub Actions 41
Go 3,003
Maven 6,264
npm 4,732
NuGet 788
pip 4,341
Pub 12
RubyGems 987
Rust 1,137
Swift 50

Unreviewed advisories

All unreviewed 290,925

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

266 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API... Critical Unreviewed

CVE-2021-27931 was published May 24, 2022

XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the... Critical Unreviewed

CVE-2021-29997 was published May 24, 2022

MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a... Critical Unreviewed

CVE-2021-1628 was published May 24, 2022

An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed

CVE-2020-35604 was published May 24, 2022

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed

CVE-2021-26703 was published May 24, 2022

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed

CVE-2022-3980 was published Nov 16, 2022

Improper Restriction of XML External Entity Reference in MPXJ Critical

CVE-2020-25020 was published for net.sf.mpxj:mpxj (Maven) May 7, 2021

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed

CVE-2021-4311 was published Jan 9, 2023

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The... Critical Unreviewed

CVE-2022-42307 was published Oct 4, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... Critical Unreviewed

CVE-2022-31775 was published Aug 2, 2022

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in... Critical Unreviewed

CVE-2022-2131 was published Jul 26, 2022

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin... Critical Unreviewed

CVE-2022-35741 was published Jul 19, 2022

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Critical Unreviewed

CVE-2015-7273 was published May 17, 2022

An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,... Critical Unreviewed

CVE-2016-8348 was published May 17, 2022

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a... Critical Unreviewed

CVE-2016-9706 was published May 17, 2022

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform... Critical Unreviewed

CVE-2017-7503 was published May 17, 2022

Insufficient user input in Apache Jetspeed-2 Critical

CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library... Critical Unreviewed

CVE-2017-10670 was published May 17, 2022

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by... Critical Unreviewed

CVE-2016-6111 was published May 17, 2022

Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2 Critical

CVE-2015-8031 was published for org.jvnet.hudson.main:hudson-core (Maven) Jul 15, 2022

Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml Critical

CVE-2019-3773 was published for org.springframework.ws:spring-ws (Maven) Jan 25, 2019

SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection... Critical Unreviewed

CVE-2022-23170 was published Jun 25, 2022

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity... Critical Unreviewed

CVE-2022-22489 was published Aug 20, 2022

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed

CVE-2021-45024 was published Jun 18, 2022

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity... Critical Unreviewed

CVE-2017-1383 was published May 17, 2022

Previous 1…1011 Next

Previous 1 2 … 7 8 9 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

266 advisories