Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2020-5003 was published May 24, 2022
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the... Critical Unreviewed
CVE-2021-29997 was published May 24, 2022
MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a... Critical Unreviewed
CVE-2021-1628 was published May 24, 2022
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API... Critical Unreviewed
CVE-2021-27931 was published May 24, 2022
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed
CVE-2021-26703 was published May 24, 2022
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed
CVE-2020-35604 was published May 24, 2022
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. Critical Unreviewed
CVE-2020-25215 was published May 24, 2022
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for rg.mule.modules:mule-apikit-module (Maven) May 24, 2022
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan... Critical Unreviewed
CVE-2018-20687 was published May 24, 2022
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by... Critical Unreviewed
CVE-2019-14678 was published May 24, 2022
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is... Critical Unreviewed
CVE-2019-14277 was published May 24, 2022
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported,... Critical Unreviewed
CVE-2019-13625 was published May 24, 2022
CodeIgniter Rest Server XXE Vulnerability Critical
CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer) May 24, 2022
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2019-1903 was published May 24, 2022
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and... Critical Unreviewed
CVE-2018-18471 was published May 24, 2022
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit... Critical Unreviewed
CVE-2018-18406 was published May 24, 2022
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to... Critical Unreviewed
CVE-2018-15506 was published May 24, 2022
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to... Critical Unreviewed
CVE-2019-12154 was published May 24, 2022
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML... Critical Unreviewed
CVE-2019-9670 was published May 24, 2022
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra... Critical Unreviewed
CVE-2018-20160 was published May 24, 2022
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has... Critical Unreviewed
CVE-2018-8940 was published May 24, 2022
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk... Critical Unreviewed
CVE-2019-7442 was published May 24, 2022
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. Critical Unreviewed
CVE-2018-14485 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database