Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Loading
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library... Critical Unreviewed
CVE-2017-10670 was published May 17, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and... Critical Unreviewed
CVE-2016-7460 was published May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity... Critical Unreviewed
CVE-2017-1383 was published May 17, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ... Critical Unreviewed
CVE-2017-14759 was published May 17, 2022
XML external entity (XXE) vulnerability in the import package functionality of the deployment... Critical Unreviewed
CVE-2017-13706 was published May 17, 2022
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote... Critical Unreviewed
CVE-2014-9487 was published May 17, 2022
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image... Critical Unreviewed
CVE-2017-14101 was published May 14, 2022
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17... Critical Unreviewed
CVE-2014-3244 was published May 14, 2022
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1,... Critical Unreviewed
CVE-2014-3005 was published May 14, 2022
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the... Critical Unreviewed
CVE-2017-7375 was published May 14, 2022
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center,... Critical Unreviewed
CVE-2018-6489 was published May 14, 2022
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000124 was published May 14, 2022
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2)... Critical Unreviewed
CVE-2014-0931 was published May 14, 2022
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions... Critical Unreviewed
CVE-2018-1183 was published May 14, 2022
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote... Critical Unreviewed
CVE-2018-11586 was published May 14, 2022
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version... Critical Unreviewed
CVE-2017-3208 was published May 14, 2022
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000616 was published May 14, 2022
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000614 was published May 14, 2022
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5... Critical Unreviewed
CVE-2018-11640 was published May 14, 2022
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external... Critical Unreviewed
CVE-2018-14473 was published May 14, 2022
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Critical Unreviewed
CVE-2015-7326 was published May 14, 2022
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Critical Unreviewed
CVE-2015-7241 was published May 14, 2022
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13416 was published May 14, 2022
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13415 was published May 14, 2022
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13417 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API