GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,476

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Filter by severity

Sort by

Least recently updated

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML... Critical Unreviewed

CVE-2018-1000652 was published May 14, 2022

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can... Critical Unreviewed

CVE-2018-1000651 was published May 14, 2022

An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in... Critical Unreviewed

CVE-2018-16521 was published May 14, 2022

An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1... Critical Unreviewed

CVE-2018-17411 was published May 14, 2022

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE)... Critical Unreviewed

CVE-2018-15805 was published May 14, 2022

autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML... Critical Unreviewed

CVE-2018-1000838 was published May 14, 2022

K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response... Critical Unreviewed

CVE-2018-1000831 was published May 14, 2022

runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed

CVE-2018-1000834 was published May 14, 2022

MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability... Critical Unreviewed

CVE-2018-1000821 was published May 14, 2022

XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser... Critical Unreviewed

CVE-2018-1000830 was published May 14, 2022

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed

CVE-2018-1000825 was published May 14, 2022

An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the... Critical Unreviewed

CVE-2018-20318 was published May 14, 2022

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Critical Unreviewed

CVE-2019-5748 was published May 14, 2022

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 Critical Unreviewed

CVE-2018-15362 was published May 14, 2022

Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man... Critical Unreviewed

CVE-2018-1000829 was published May 14, 2022

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed

CVE-2015-8866 was published May 14, 2022

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to... Critical Unreviewed

CVE-2018-9116 was published May 14, 2022

Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed

CVE-2019-5918 was published May 14, 2022

XXE issue in Airsonic before 10.1.2 during parse. Critical Unreviewed

CVE-2018-20222 was published May 14, 2022

The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows... Critical Unreviewed

CVE-2014-3990 was published May 14, 2022

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML... Critical Unreviewed

CVE-2014-0030 was published May 14, 2022

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. Critical Unreviewed

CVE-2018-20664 was published May 14, 2022

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed

CVE-2016-6256 was published May 14, 2022

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser... Critical Unreviewed

CVE-2018-1000837 was published May 13, 2022

KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx... Critical Unreviewed

CVE-2018-1000835 was published May 13, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

160 advisories