Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

306 advisories

Loading
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A... High Unreviewed
CVE-2023-23595 was published Jan 15, 2023
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's... High Unreviewed
CVE-2021-42194 was published Mar 22, 2022
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability... High Unreviewed
CVE-2021-44477 was published Mar 26, 2022
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA... High Unreviewed
CVE-2021-33208 was published Apr 1, 2022
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external... High Unreviewed
CVE-2012-1102 was published Apr 23, 2022
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows... High Unreviewed
CVE-2017-9233 was published May 13, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It... High Unreviewed
CVE-2020-25257 was published May 24, 2022
jersey: XXE via parameter entities not disabled by the jersey SAX parser High Unreviewed
CVE-2014-3643 was published May 17, 2022
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)... High Unreviewed
CVE-2022-22977 was published May 25, 2022
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful... High Unreviewed
CVE-2022-31261 was published May 25, 2022
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers... High Unreviewed
CVE-2010-2245 was published May 17, 2022
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if... High Unreviewed
CVE-2017-11390 was published May 17, 2022
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access... High Unreviewed
CVE-2022-31447 was published Jun 15, 2022
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <... High Unreviewed
CVE-2022-32285 was published Jun 15, 2022
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system... High Unreviewed
CVE-2021-40510 was published Jun 22, 2022
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when... High Unreviewed
CVE-2017-1322 was published May 17, 2022
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker... High Unreviewed
CVE-2022-35168 was published Jul 13, 2022
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when... High Unreviewed
CVE-2017-1254 was published May 17, 2022
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3... High Unreviewed
CVE-2017-9231 was published May 17, 2022
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External... High Unreviewed
CVE-2016-9698 was published May 17, 2022
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused... High Unreviewed
CVE-2016-9691 was published May 17, 2022
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib... High Unreviewed
CVE-2017-6055 was published May 17, 2022
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection ... High Unreviewed
CVE-2016-9724 was published May 17, 2022
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity... High Unreviewed
CVE-2017-1103 was published May 17, 2022
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External... High Unreviewed
CVE-2016-6059 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API