GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
446 advisories
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when...
High, Unreviewed. CVE-2023-28009 was published Apr 26, 2023

This vulnerability allows remote attackers to disclose sensitive information on affected...
High, Unreviewed. CVE-2020-15419 was published May 24, 2022

This vulnerability allows remote attackers to disclose sensitive information on affected...
High, Unreviewed. CVE-2020-15418 was published May 24, 2022

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin...
High, Unreviewed. CVE-2020-11885 was published May 24, 2022

Oxygen XML Editor 21.1.1 allows XXE to read any file.
High, Unreviewed. CVE-2019-20191 was published May 24, 2022

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30,...
High, Unreviewed. CVE-2020-6202 was published May 24, 2022

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:...
High, Unreviewed. CVE-2019-19032 was published May 24, 2022

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:...
High, Unreviewed. CVE-2019-19031 was published May 24, 2022

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.
High, Unreviewed. CVE-2019-19998 was published May 24, 2022

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow...
High, Unreviewed. CVE-2019-18227 was published May 24, 2022

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the...
High, Unreviewed. CVE-2019-9757 was published May 24, 2022

An XML External Entity Injection vulnerability exists in Dzone AnswerHub.
High, Unreviewed. CVE-2017-15725 was published May 24, 2022

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection...
High, Unreviewed. CVE-2019-8087 was published May 24, 2022

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection...
High, Unreviewed. CVE-2019-8086 was published May 24, 2022

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection...
High, Unreviewed. CVE-2019-8082 was published May 24, 2022

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka...
High, Unreviewed. CVE-2019-18213 was published May 24, 2022

XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote...
High, Unreviewed. CVE-2017-17762 was published May 24, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High, Unreviewed. CVE-2019-1060 was published May 24, 2022

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple...
High, Unreviewed. CVE-2019-16188 was published May 24, 2022

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote...
High, Unreviewed. CVE-2019-16174 was published May 24, 2022

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 ...
High, Unreviewed. CVE-2019-13608 was published May 24, 2022

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data...
High, Unreviewed. CVE-2019-15637 was published May 24, 2022

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information...
High, Unreviewed. CVE-2019-14258 was published May 24, 2022

A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses...
High, Unreviewed. CVE-2019-1187 was published May 24, 2022

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE)...
High, Unreviewed. CVE-2019-14693 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.