GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
309 advisories
Filter by severity
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A...
High
Unreviewed
CVE-2023-23595
was published
Jan 15, 2023
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's...
High
Unreviewed
CVE-2021-42194
was published
Mar 22, 2022
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability...
High
Unreviewed
CVE-2021-44477
was published
Mar 26, 2022
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA...
High
Unreviewed
CVE-2021-33208
was published
Apr 1, 2022
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external...
High
Unreviewed
CVE-2012-1102
was published
Apr 23, 2022
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows...
High
Unreviewed
CVE-2017-9233
was published
May 13, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High
Unreviewed
CVE-2020-25257
was published
May 24, 2022
jersey: XXE via parameter entities not disabled by the jersey SAX parser
High
Unreviewed
CVE-2014-3643
was published
May 17, 2022
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)...
High
Unreviewed
CVE-2022-22977
was published
May 25, 2022
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful...
High
Unreviewed
CVE-2022-31261
was published
May 25, 2022
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers...
High
Unreviewed
CVE-2010-2245
was published
May 17, 2022
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if...
High
Unreviewed
CVE-2017-11390
was published
May 17, 2022
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access...
High
Unreviewed
CVE-2022-31447
was published
Jun 15, 2022
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <...
High
Unreviewed
CVE-2022-32285
was published
Jun 15, 2022
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system...
High
Unreviewed
CVE-2021-40510
was published
Jun 22, 2022
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when...
High
Unreviewed
CVE-2017-1322
was published
May 17, 2022
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker...
High
Unreviewed
CVE-2022-35168
was published
Jul 13, 2022
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when...
High
Unreviewed
CVE-2017-1254
was published
May 17, 2022
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3...
High
Unreviewed
CVE-2017-9231
was published
May 17, 2022
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External...
High
Unreviewed
CVE-2016-9698
was published
May 17, 2022
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused...
High
Unreviewed
CVE-2016-9691
was published
May 17, 2022
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib...
High
Unreviewed
CVE-2017-6055
was published
May 17, 2022
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection ...
High
Unreviewed
CVE-2016-9724
was published
May 17, 2022
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity...
High
Unreviewed
CVE-2017-1103
was published
May 17, 2022
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External...
High
Unreviewed
CVE-2016-6059
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API