Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Loading
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed
CVE-2022-22795 was published Mar 11, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that... Critical Unreviewed
CVE-2022-28219 was published Apr 6, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed
CVE-2021-45981 was published Jun 3, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and... Critical Unreviewed
CVE-2016-7460 was published May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity... Critical Unreviewed
CVE-2017-1383 was published May 17, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed
CVE-2021-45024 was published Jun 18, 2022
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22489 was published Aug 20, 2022
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection... Critical Unreviewed
CVE-2022-23170 was published Jun 25, 2022
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by... Critical Unreviewed
CVE-2016-6111 was published May 17, 2022
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library... Critical Unreviewed
CVE-2017-10670 was published May 17, 2022
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform... Critical Unreviewed
CVE-2017-7503 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a... Critical Unreviewed
CVE-2016-9706 was published May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Critical Unreviewed
CVE-2015-7273 was published May 17, 2022
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,... Critical Unreviewed
CVE-2016-8348 was published May 17, 2022
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data... Critical Unreviewed
CVE-2017-6895 was published May 17, 2022
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin... Critical Unreviewed
CVE-2022-35741 was published Jul 19, 2022
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in... Critical Unreviewed
CVE-2022-2131 was published Jul 26, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... Critical Unreviewed
CVE-2022-31775 was published Aug 2, 2022
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The... Critical Unreviewed
CVE-2022-42307 was published Oct 4, 2022
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed
CVE-2021-4311 was published Jan 9, 2023
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed
CVE-2022-3980 was published Nov 16, 2022
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed
CVE-2021-26703 was published May 24, 2022
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed
CVE-2020-35604 was published May 24, 2022
MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a... Critical Unreviewed
CVE-2021-1628 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API