Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

215 advisories

Loading
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed
CVE-2022-0861 was published Mar 24, 2022
When opening a malicious solution file provided by an attacker, the application suffers from an... Moderate Unreviewed
CVE-2022-1018 was published Apr 3, 2022
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2022-0221 was published Apr 14, 2022
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file... Moderate Unreviewed
CVE-2017-7457 was published May 17, 2022
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM... Moderate Unreviewed
CVE-2015-0194 was published May 17, 2022
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi... Moderate Unreviewed
CVE-2016-7458 was published May 17, 2022
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when... Moderate Unreviewed
CVE-2017-1219 was published May 17, 2022
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware... Moderate Unreviewed
CVE-2017-7907 was published May 17, 2022
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated,... Moderate Unreviewed
CVE-2017-3811 was published May 17, 2022
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an... Moderate Unreviewed
CVE-2016-0254 was published May 17, 2022
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to... Moderate Unreviewed
CVE-2017-2308 was published May 17, 2022
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager... Moderate Unreviewed
CVE-2017-9295 was published May 17, 2022
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity ... Moderate Unreviewed
CVE-2017-8056 was published May 17, 2022
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access... Moderate Unreviewed
CVE-2016-5748 was published May 17, 2022
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Moderate Unreviewed
CVE-2016-4931 was published May 17, 2022
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote... Moderate Unreviewed
CVE-2015-7743 was published May 17, 2022
Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously. Moderate Unreviewed
CVE-2022-34001 was published Jul 20, 2022
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read... Moderate Unreviewed
CVE-2017-6344 was published May 17, 2022
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML... Moderate Unreviewed
CVE-2016-5749 was published May 17, 2022
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0... Moderate Unreviewed
CVE-2016-0284 was published May 17, 2022
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the... Moderate Unreviewed
CVE-2020-6238 was published May 24, 2022
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files... Moderate Unreviewed
CVE-2019-17637 was published May 24, 2022
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed
CVE-2022-45194 was published Nov 12, 2022
Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ... Moderate Unreviewed
CVE-2022-38342 was published Sep 14, 2022
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom... Moderate Unreviewed
CVE-2022-46827 was published Dec 8, 2022
ProTip! Advisories are also available from the GraphQL API