Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

266 advisories

Loading
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17... Critical Unreviewed
CVE-2018-12463 was published May 13, 2022
XML External Entity (XXE) vulnerability in neo4j.procedure:apoc Critical
CVE-2018-1000820 was published for org.neo4j.procedure:apoc (Maven) Dec 20, 2018
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information,... Critical Unreviewed
CVE-2016-2908 was published May 13, 2022
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting... Critical Unreviewed
CVE-2017-1000497 was published May 13, 2022
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack Critical
CVE-2022-39135 was published for org.apache.calcite:calcite-core (Maven) Sep 12, 2022
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and... Critical Unreviewed
CVE-2018-16792 was published May 13, 2022
Vulnerability that affects org.apache.pdfbox:pdfbox Critical
CVE-2019-0228 was published for org.apache.pdfbox:pdfbox (Maven) Jul 5, 2019
jacobovazquez
Credited to jacobovazquez
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15... Critical Unreviewed
CVE-2018-13826 was published May 13, 2022
An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope... Critical Unreviewed
CVE-2018-3881 was published May 13, 2022
Due to an XML external entity reference, the software parses XML in the backup/restore... Critical Unreviewed
CVE-2022-1704 was published Aug 6, 2022
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File... Critical Unreviewed
CVE-2022-22774 was published May 11, 2022
External Entity Reference in TwelveMonkeys ImageIO Critical
CVE-2021-23792 was published for com.twelvemonkeys.imageio:imageio-metadata (Maven) May 7, 2022
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote... Critical Unreviewed
CVE-2021-34436 was published May 24, 2022
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement... Critical Unreviewed
CVE-2020-25912 was published May 24, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x... Critical Unreviewed
CVE-2022-31678 was published Oct 28, 2022
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Critical Unreviewed
CVE-2021-38298 was published May 24, 2022
XML External Entity attack in log4net Critical
CVE-2018-1285 was published for log4net (NuGet) Jan 29, 2021
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE)... Critical Unreviewed
CVE-2021-27741 was published May 24, 2022
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file... Critical Unreviewed
CVE-2021-34823 was published May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes... Critical Unreviewed
CVE-2021-37425 was published May 24, 2022
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This... Critical Unreviewed
CVE-2021-4295 was published Dec 29, 2022
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External... Critical Unreviewed
CVE-2021-20399 was published May 24, 2022
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF... Critical Unreviewed
CVE-2022-24449 was published Apr 29, 2022
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. Critical Unreviewed
CVE-2021-35066 was published May 24, 2022
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2020-5003 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database