Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

996 advisories

Loading
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed
CVE-2022-0861 was published Mar 24, 2022
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's... High Unreviewed
CVE-2021-42194 was published Mar 22, 2022
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin High
CVE-2021-21656 was published for org.jenkins-ci.plugins:xcode-plugin (Maven) Mar 18, 2022
XML external entity (XXE) injection in Apache Nutch Critical
CVE-2021-23901 was published for org.apache.nutch:nutch (Maven) Mar 18, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed
CVE-2022-22795 was published Mar 11, 2022
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the... Moderate Unreviewed
CVE-2022-22835 was published Mar 11, 2022
Improper Restriction of XML External Entity Reference in trytond and proteus Moderate
CVE-2022-26661 was published for proteus (pip) Mar 11, 2022
Improper Restriction of XML External Entity Reference in Any23 Critical
CVE-2022-25312 was published for org.apache.any23:apache-any23 (Maven) Mar 6, 2022
Improper Restriction of XML External Entity Reference in Liquibase Critical
CVE-2022-0839 was published for org.liquibase:liquibase-core (Maven) Mar 5, 2022
XML External Entity Reference in Hazelcast Critical
CVE-2022-0265 was published for com.hazelcast:hazelcast (Maven) Mar 4, 2022
aiannucci
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer Critical
CVE-2022-23640 was published for com.monitorjbl:xlsx-streamer (Maven) Mar 2, 2022
pjfanning
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was... Critical Unreviewed
CVE-2022-24340 was published Feb 26, 2022
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly... High Unreviewed
CVE-2020-14478 was published Feb 25, 2022
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra High
CVE-2022-25209 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Magnolia CMS High
CVE-2021-46365 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R)... High Unreviewed
CVE-2022-21205 was published Feb 11, 2022
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before... High Unreviewed
CVE-2022-21220 was published Feb 11, 2022
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. Critical Unreviewed
CVE-2021-46660 was published Jan 31, 2022
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14... Moderate Unreviewed
CVE-2022-23031 was published Jan 26, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity... High Unreviewed
CVE-2020-4876 was published Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity... High Unreviewed
CVE-2020-4875 was published Jan 22, 2022
corenlp is vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2022-0239 was published for edu.stanford.nlp:stanford-corenlp (Maven) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API