Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when... High Unreviewed
CVE-2023-28009 was published Apr 26, 2023
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ... High Unreviewed
CVE-2023-28008 was published Apr 26, 2023
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing... High Unreviewed
CVE-2023-27876 was published Apr 7, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28681 was published for org.jenkins-ci.plugins:vs-code-metrics (Maven) Apr 2, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28680 was published for org.jenkins-ci.plugins:crap4j (Maven) Apr 2, 2023
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28683 was published for org.jenkins-ci.plugins:phabricator-plugin (Maven) Apr 2, 2023
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks High
CVE-2023-28684 was published for com.sap.jenkinsci:remote-jobs-view-plugin (Maven) Apr 2, 2023
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28682 was published for org.jenkins-ci.plugins:perfpublisher (Maven) Apr 2, 2023
This vulnerability allows remote attackers to disclose sensitive information on affected... High Unreviewed
CVE-2022-36969 was published Mar 29, 2023
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when... High Unreviewed
CVE-2023-27874 was published Mar 21, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference High
CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) Mar 8, 2023
OWSLib vulnerable to XML External Entity (XXE) Injection High
CVE-2023-27476 was published for OWSLib (pip) Mar 7, 2023
jorgectf
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious... High Unreviewed
CVE-2023-20855 was published Feb 22, 2023
dd-plist XML External Entitly vulnerability High
CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven) Feb 20, 2023
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the... High Unreviewed
CVE-2021-33950 was published Feb 17, 2023
XML External Entity Reference in ureport High
CVE-2023-24187 was published for com.bstek.ureport:ureport2-core (Maven) Feb 14, 2023
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection... High Unreviewed
CVE-2023-24323 was published Feb 9, 2023
Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:... High Unreviewed
CVE-2023-21862 was published Jan 18, 2023
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. High Unreviewed
CVE-2023-22624 was published Jan 17, 2023
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A... High Unreviewed
CVE-2023-23595 was published Jan 15, 2023
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec... High Unreviewed
CVE-2022-25628 was published Dec 21, 2022
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote... High Unreviewed
CVE-2022-47514 was published Dec 18, 2022
Jenkins Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-46682 was published for org.jenkins-ci.plugins:plot (Maven) Dec 12, 2022
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can... High Unreviewed
CVE-2022-40304 was published Nov 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database