GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
474 advisories
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted...
High | Unreviewed | CVE-2017-1000061 was published May 13, 2022

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5...
High | Unreviewed | CVE-2016-5795 was published May 13, 2022

An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6...
High | Unreviewed | CVE-2018-8819 was published May 13, 2022

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE)...
High | Unreviewed | CVE-2018-7783 was published May 13, 2022

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component...
High | Unreviewed | CVE-2018-7230 was published May 13, 2022

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2...
High | Unreviewed | CVE-2017-2815 was published May 13, 2022

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers...
High | Unreviewed | CVE-2021-27777 was published May 13, 2022

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an...
High | Unreviewed | CVE-2022-20780 was published May 5, 2022

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service...
High | Unreviewed | CVE-2022-21949 was published May 4, 2022

XXE vulnerability in Jenkins JAPEX Plugin
High | CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
High | Unreviewed | CVE-2023-22624 was published Jan 17, 2023

Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
High | CVE-2019-10466 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) May 24, 2022

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML...
High | Unreviewed | CVE-2019-4456 was published May 24, 2022

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by...
High | Unreviewed | CVE-2022-2759 was published Sep 1, 2022

XXE vulnerability in Jenkins RapidDeploy Plugin
High | CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote...
High | Unreviewed | CVE-2022-47514 was published Dec 18, 2022

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC...
High | Unreviewed | CVE-2017-16349 was published May 13, 2022

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity...
High | Unreviewed | CVE-2018-1845 was published May 24, 2022

Multiple components in Apache NiFi do not restrict XML External Entity references
High | CVE-2022-29265 was published for org.apache.nifi:nifi (Maven) May 1, 2022

An improper restriction of XML external entity reference vulnerability in the parser of XML...
High | Unreviewed | CVE-2021-36172 was published May 24, 2022

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote...
High | Unreviewed | CVE-2021-20838 was published May 24, 2022

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO...
High | Unreviewed | CVE-2021-35496 was published May 24, 2022

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows...
High | Unreviewed | CVE-2021-40500 was published May 24, 2022

An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which...
High | Unreviewed | CVE-2020-19954 was published May 24, 2022

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE...
High | Unreviewed | CVE-2021-41770 was published May 24, 2022