GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
996 advisories
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote...
High | Unreviewed | CVE-2017-8913 was published May 13, 2022

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows...
Moderate | Unreviewed | CVE-2017-11457 was published May 13, 2022

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted...
High | Unreviewed | CVE-2017-1000061 was published May 13, 2022

Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
High | CVE-2016-8739 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows...
High | Unreviewed | CVE-2017-9233 was published May 13, 2022

Improper Restriction of XML External Entity Reference in Apache FOP
High | CVE-2017-5661 was published for org.apache.xmlgraphics:fop (Maven) May 13, 2022

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5...
High | Unreviewed | CVE-2016-5795 was published May 13, 2022

An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6...
High | Unreviewed | CVE-2018-8819 was published May 13, 2022

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x...
Moderate | Unreviewed | CVE-2017-8040 was published May 13, 2022

Improper Restriction of XML External Entity Reference in python-docx
High | CVE-2016-5851 was published for python-docx (pip) May 13, 2022

Improper Restriction of XML External Entity Reference in Castor
Moderate | CVE-2014-3004 was published for org.codehaus.castor:castor (Maven) May 13, 2022

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE)...
High | Unreviewed | CVE-2018-7783 was published May 13, 2022

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component...
High | Unreviewed | CVE-2018-7230 was published May 13, 2022

Improper Restriction of XML External Entity Reference in Spring Framework
High | CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope...
Critical | Unreviewed | CVE-2018-3881 was published May 13, 2022

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC...
High | Unreviewed | CVE-2017-16349 was published May 13, 2022

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2...
High | Unreviewed | CVE-2017-2815 was published May 13, 2022

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers...
High | Unreviewed | CVE-2021-27777 was published May 13, 2022

XML External Entity (XXE) vulnerability in the file based service provider creation feature of...
Critical | Unreviewed | CVE-2021-42646 was published May 12, 2022

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File...
Critical | Unreviewed | CVE-2022-22774 was published May 11, 2022

External Entity Reference in TwelveMonkeys ImageIO
Critical | CVE-2021-23792 was published for com.twelvemonkeys.imageio:imageio-metadata (Maven) May 7, 2022

XML External Entity Reference in apache jena
Critical | CVE-2022-28890 was published for org.apache.jena:jena (Maven) May 6, 2022

expat 2.1.0 and earlier does not properly handle entities expansion unless an application...
Moderate | Unreviewed | CVE-2013-0340 was published May 5, 2022

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection...
Critical | Unreviewed | CVE-2013-4333 was published May 5, 2022

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an...
High | Unreviewed | CVE-2022-20780 was published May 5, 2022

ProTip! Advisories are also available from the GraphQL API