Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

996 advisories

Loading
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote... High Unreviewed
CVE-2017-8913 was published May 13, 2022
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows... Moderate Unreviewed
CVE-2017-11457 was published May 13, 2022
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted... High Unreviewed
CVE-2017-1000061 was published May 13, 2022
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS High
CVE-2016-8739 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows... High Unreviewed
CVE-2017-9233 was published May 13, 2022
Improper Restriction of XML External Entity Reference in Apache FOP High
CVE-2017-5661 was published for org.apache.xmlgraphics:fop (Maven) May 13, 2022
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5... High Unreviewed
CVE-2016-5795 was published May 13, 2022
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6... High Unreviewed
CVE-2018-8819 was published May 13, 2022
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x... Moderate Unreviewed
CVE-2017-8040 was published May 13, 2022
Improper Restriction of XML External Entity Reference in python-docx High
CVE-2016-5851 was published for python-docx (pip) May 13, 2022
tdunlap607
Improper Restriction of XML External Entity Reference in Castor Moderate
CVE-2014-3004 was published for org.codehaus.castor:castor (Maven) May 13, 2022
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE)... High Unreviewed
CVE-2018-7783 was published May 13, 2022
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component... High Unreviewed
CVE-2018-7230 was published May 13, 2022
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope... Critical Unreviewed
CVE-2018-3881 was published May 13, 2022
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC... High Unreviewed
CVE-2017-16349 was published May 13, 2022
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2... High Unreviewed
CVE-2017-2815 was published May 13, 2022
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers... High Unreviewed
CVE-2021-27777 was published May 13, 2022
XML External Entity (XXE) vulnerability in the file based service provider creation feature of... Critical Unreviewed
CVE-2021-42646 was published May 12, 2022
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File... Critical Unreviewed
CVE-2022-22774 was published May 11, 2022
External Entity Reference in TwelveMonkeys ImageIO Critical
CVE-2021-23792 was published for com.twelvemonkeys.imageio:imageio-metadata (Maven) May 7, 2022
XML External Entity Reference in apache jena Critical
CVE-2022-28890 was published for org.apache.jena:jena (Maven) May 6, 2022
thomasredlin
expat 2.1.0 and earlier does not properly handle entities expansion unless an application... Moderate Unreviewed
CVE-2013-0340 was published May 5, 2022
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection... Critical Unreviewed
CVE-2013-4333 was published May 5, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... High Unreviewed
CVE-2022-20780 was published May 5, 2022
ProTip! Advisories are also available from the GraphQL API