Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

265 advisories

Loading
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Critical Unreviewed
CVE-2021-38298 was published May 24, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x... Critical Unreviewed
CVE-2022-31678 was published Oct 28, 2022
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement... Critical Unreviewed
CVE-2020-25912 was published May 24, 2022
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote... Critical Unreviewed
CVE-2021-34436 was published May 24, 2022
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File... Critical Unreviewed
CVE-2022-22774 was published May 11, 2022
External Entity Reference in TwelveMonkeys ImageIO Critical
CVE-2021-23792 was published for com.twelvemonkeys.imageio:imageio-metadata (Maven) May 7, 2022
Due to an XML external entity reference, the software parses XML in the backup/restore... Critical Unreviewed
CVE-2022-1704 was published Aug 6, 2022
An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope... Critical Unreviewed
CVE-2018-3881 was published May 13, 2022
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15... Critical Unreviewed
CVE-2018-13826 was published May 13, 2022
Vulnerability that affects org.apache.pdfbox:pdfbox Critical
CVE-2019-0228 was published for org.apache.pdfbox:pdfbox (Maven) Jul 5, 2019
jacobovazquez
Credited to jacobovazquez
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and... Critical Unreviewed
CVE-2018-16792 was published May 13, 2022
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack Critical
CVE-2022-39135 was published for org.apache.calcite:calcite-core (Maven) Sep 12, 2022
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting... Critical Unreviewed
CVE-2017-1000497 was published May 13, 2022
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information,... Critical Unreviewed
CVE-2016-2908 was published May 13, 2022
XML External Entity (XXE) vulnerability in neo4j.procedure:apoc Critical
CVE-2018-1000820 was published for org.neo4j.procedure:apoc (Maven) Dec 20, 2018
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17... Critical Unreviewed
CVE-2018-12463 was published May 13, 2022
XML external entity (XXE) injection in Apache Nutch Critical
CVE-2021-23901 was published for org.apache.nutch:nutch (Maven) Mar 18, 2022
Arbitrary code injection in json-sanitizer Critical
CVE-2021-23899 was published for com.mikesamuel:json-sanitizer (Maven) Jun 16, 2021
XML Injection in Any23 Critical
CVE-2021-38555 was published for org.apache.any23:apache-any23 (Maven) Sep 13, 2021
XML External Entity vulnerability in MODX CMS Critical
CVE-2020-25911 was published for modx/revolution (Composer) Nov 1, 2021
National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is... Critical Unreviewed
CVE-2021-44557 was published Dec 9, 2021
National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected... Critical Unreviewed
CVE-2021-44556 was published Dec 9, 2021
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity... Critical Unreviewed
CVE-2016-9180 was published May 13, 2022
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht... Critical Unreviewed
CVE-2017-8110 was published May 13, 2022
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External... Critical Unreviewed
CVE-2016-9924 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database