Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

266 advisories

Loading
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows... Critical Unreviewed
CVE-2014-3990 was published May 14, 2022
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing... Critical Unreviewed
CVE-2018-1000639 was published May 13, 2022
UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser... Critical Unreviewed
CVE-2018-1000837 was published May 13, 2022
KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx... Critical Unreviewed
CVE-2018-1000835 was published May 13, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. Critical Unreviewed
CVE-2015-9280 was published May 13, 2022
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE)... Critical Unreviewed
CVE-2017-7426 was published May 13, 2022
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the... Critical Unreviewed
CVE-2018-10600 was published May 13, 2022
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version... Critical Unreviewed
CVE-2017-3206 was published May 13, 2022
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is... Critical Unreviewed
CVE-2017-7464 was published May 13, 2022
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External... Critical Unreviewed
CVE-2018-1821 was published May 13, 2022
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro... Critical Unreviewed
CVE-2018-6486 was published May 13, 2022
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000828 was published May 13, 2022
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External... Critical Unreviewed
CVE-2018-1727 was published May 13, 2022
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8... Critical Unreviewed
CVE-2018-10653 was published May 13, 2022
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway... Critical Unreviewed
CVE-2017-9458 was published May 13, 2022
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External... Critical Unreviewed
CVE-2016-9924 was published May 13, 2022
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht... Critical Unreviewed
CVE-2017-8110 was published May 13, 2022
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity... Critical Unreviewed
CVE-2016-9180 was published May 13, 2022
National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected... Critical Unreviewed
CVE-2021-44556 was published Dec 9, 2021
National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is... Critical Unreviewed
CVE-2021-44557 was published Dec 9, 2021
XML External Entity vulnerability in MODX CMS Critical
CVE-2020-25911 was published for modx/revolution (Composer) Nov 1, 2021
XML Injection in Any23 Critical
CVE-2021-38555 was published for org.apache.any23:apache-any23 (Maven) Sep 13, 2021
Arbitrary code injection in json-sanitizer Critical
CVE-2021-23899 was published for com.mikesamuel:json-sanitizer (Maven) Jun 16, 2021
XML external entity (XXE) injection in Apache Nutch Critical
CVE-2021-23901 was published for org.apache.nutch:nutch (Maven) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database