Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when... High Unreviewed
CVE-2023-28009 was published Apr 26, 2023
This vulnerability allows remote attackers to disclose sensitive information on affected... High Unreviewed
CVE-2020-15419 was published May 24, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected... High Unreviewed
CVE-2020-15418 was published May 24, 2022
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin... High Unreviewed
CVE-2020-11885 was published May 24, 2022
Oxygen XML Editor 21.1.1 allows XXE to read any file. High Unreviewed
CVE-2019-20191 was published May 24, 2022
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30,... High Unreviewed
CVE-2020-6202 was published May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19032 was published May 24, 2022
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19031 was published May 24, 2022
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. High Unreviewed
CVE-2019-19998 was published May 24, 2022
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow... High Unreviewed
CVE-2019-18227 was published May 24, 2022
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the... High Unreviewed
CVE-2019-9757 was published May 24, 2022
An XML External Entity Injection vulnerability exists in Dzone AnswerHub. High Unreviewed
CVE-2017-15725 was published May 24, 2022
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection... High Unreviewed
CVE-2019-8087 was published May 24, 2022
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection... High Unreviewed
CVE-2019-8086 was published May 24, 2022
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection... High Unreviewed
CVE-2019-8082 was published May 24, 2022
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka... High Unreviewed
CVE-2019-18213 was published May 24, 2022
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote... High Unreviewed
CVE-2017-17762 was published May 24, 2022
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2019-1060 was published May 24, 2022
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple... High Unreviewed
CVE-2019-16188 was published May 24, 2022
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote... High Unreviewed
CVE-2019-16174 was published May 24, 2022
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 ... High Unreviewed
CVE-2019-13608 was published May 24, 2022
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data... High Unreviewed
CVE-2019-15637 was published May 24, 2022
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information... High Unreviewed
CVE-2019-14258 was published May 24, 2022
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses... High Unreviewed
CVE-2019-1187 was published May 24, 2022
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2019-14693 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API