GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
173 advisories
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Critical, Unreviewed. CVE-2019-5748 was published May 14, 2022.

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
Critical, Unreviewed. CVE-2018-15362 was published May 14, 2022.

Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man...
Critical, Unreviewed. CVE-2018-1000829 was published May 14, 2022.

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not...
Critical, Unreviewed. CVE-2015-8866 was published May 14, 2022.

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to...
Critical, Unreviewed. CVE-2018-9116 was published May 14, 2022.

Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE)...
Critical, Unreviewed. CVE-2019-5918 was published May 14, 2022.

XXE issue in Airsonic before 10.1.2 during parse.
Critical, Unreviewed. CVE-2018-20222 was published May 14, 2022.

The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows...
Critical, Unreviewed. CVE-2014-3990 was published May 14, 2022.

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML...
Critical, Unreviewed. CVE-2014-0030 was published May 14, 2022.

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
Critical, Unreviewed. CVE-2018-20664 was published May 14, 2022.

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE)...
Critical, Unreviewed. CVE-2016-6256 was published May 14, 2022.

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser...
Critical, Unreviewed. CVE-2018-1000837 was published May 13, 2022.

KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx...
Critical, Unreviewed. CVE-2018-1000835 was published May 13, 2022.

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing...
Critical, Unreviewed. CVE-2018-1000639 was published May 13, 2022.

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
Critical, Unreviewed. CVE-2015-9280 was published May 13, 2022.

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version...
Critical, Unreviewed. CVE-2017-3206 was published May 13, 2022.

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE)...
Critical, Unreviewed. CVE-2017-7426 was published May 13, 2022.

It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is...
Critical, Unreviewed. CVE-2017-7464 was published May 13, 2022.

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable...
Critical, Unreviewed. CVE-2017-7465 was published May 13, 2022.

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the...
Critical, Unreviewed. CVE-2018-10600 was published May 13, 2022.

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External...
Critical, Unreviewed. CVE-2018-1727 was published May 13, 2022.

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External...
Critical, Unreviewed. CVE-2018-1821 was published May 13, 2022.

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro...
Critical, Unreviewed. CVE-2018-6486 was published May 13, 2022.

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE)...
Critical, Unreviewed. CVE-2018-1000828 was published May 13, 2022.

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2...
Critical, Unreviewed. CVE-2014-3630 was published May 13, 2022.