GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,565
Composer 4,201
Erlang 31
GitHub Actions 19
Go 1,986
Maven 5,163
npm 3,702
NuGet 660
pip 3,328
Pub 11
RubyGems 883
Rust 843
Swift 36

Unreviewed advisories

All unreviewed 233,918

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

307 advisories

Filter by severity

Sort by

Least recently updated

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A... High Unreviewed

CVE-2023-23595 was published Jan 15, 2023

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's... High Unreviewed

CVE-2021-42194 was published Mar 22, 2022

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability... High Unreviewed

CVE-2021-44477 was published Mar 26, 2022

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA... High Unreviewed

CVE-2021-33208 was published Apr 1, 2022

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external... High Unreviewed

CVE-2012-1102 was published Apr 23, 2022

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows... High Unreviewed

CVE-2017-9233 was published May 13, 2022

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It... High Unreviewed

CVE-2020-25257 was published May 24, 2022

jersey: XXE via parameter entities not disabled by the jersey SAX parser High Unreviewed

CVE-2014-3643 was published May 17, 2022

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)... High Unreviewed

CVE-2022-22977 was published May 25, 2022

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful... High Unreviewed

CVE-2022-31261 was published May 25, 2022

XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers... High Unreviewed

CVE-2010-2245 was published May 17, 2022

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if... High Unreviewed

CVE-2017-11390 was published May 17, 2022

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access... High Unreviewed

CVE-2022-31447 was published Jun 15, 2022

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <... High Unreviewed

CVE-2022-32285 was published Jun 15, 2022

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system... High Unreviewed

CVE-2021-40510 was published Jun 22, 2022

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when... High Unreviewed

CVE-2017-1322 was published May 17, 2022

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker... High Unreviewed

CVE-2022-35168 was published Jul 13, 2022

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when... High Unreviewed

CVE-2017-1254 was published May 17, 2022

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3... High Unreviewed

CVE-2017-9231 was published May 17, 2022

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External... High Unreviewed

CVE-2016-9698 was published May 17, 2022

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused... High Unreviewed

CVE-2016-9691 was published May 17, 2022

XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib... High Unreviewed

CVE-2017-6055 was published May 17, 2022

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection ... High Unreviewed

CVE-2016-9724 was published May 17, 2022

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External... High Unreviewed

CVE-2016-6059 was published May 17, 2022

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity... High Unreviewed

CVE-2017-1103 was published May 17, 2022

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

307 advisories