Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

265 advisories

Loading
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API... Critical Unreviewed
CVE-2021-27931 was published May 24, 2022
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed
CVE-2021-26703 was published May 24, 2022
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed
CVE-2020-35604 was published May 24, 2022
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. Critical Unreviewed
CVE-2020-25215 was published May 24, 2022
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for org.mule.modules:mule-apikit-module (Maven) May 24, 2022 withdrawn
binary-1024
Credited to binary-1024
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan... Critical Unreviewed
CVE-2018-20687 was published May 24, 2022
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by... Critical Unreviewed
CVE-2019-14678 was published May 24, 2022
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is... Critical Unreviewed
CVE-2019-14277 was published May 24, 2022
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported,... Critical Unreviewed
CVE-2019-13625 was published May 24, 2022
CodeIgniter Rest Server XXE Vulnerability Critical
CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer) May 24, 2022
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2019-1903 was published May 24, 2022
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit... Critical Unreviewed
CVE-2018-18406 was published May 24, 2022
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and... Critical Unreviewed
CVE-2018-18471 was published May 24, 2022
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to... Critical Unreviewed
CVE-2018-15506 was published May 24, 2022
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to... Critical Unreviewed
CVE-2019-12154 was published May 24, 2022
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML... Critical Unreviewed
CVE-2019-9670 was published May 24, 2022
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra... Critical Unreviewed
CVE-2018-20160 was published May 24, 2022
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has... Critical Unreviewed
CVE-2018-8940 was published May 24, 2022
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk... Critical Unreviewed
CVE-2019-7442 was published May 24, 2022
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. Critical Unreviewed
CVE-2018-14485 was published May 24, 2022
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224... Critical Unreviewed
CVE-2019-11677 was published May 24, 2022
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,... Critical Unreviewed
CVE-2016-8348 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a... Critical Unreviewed
CVE-2016-9706 was published May 17, 2022
PySAML2 XML external entity attack Critical
CVE-2016-10127 was published for pysaml2 (pip) May 17, 2022
jhutchings1
Credited to jhutchings1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database