GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
446 advisories
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable...
High | Unreviewed | CVE-2018-1607 was published May 13, 2022

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through...
High | Unreviewed | CVE-2018-1588 was published May 13, 2022

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration...
High | Unreviewed | CVE-2018-1542 was published May 13, 2022

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to an XML...
High | Unreviewed | CVE-2018-1421 was published May 13, 2022

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection ...
High | Unreviewed | CVE-2018-1424 was published May 13, 2022

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially...
High | Unreviewed | CVE-2018-1077 was published May 13, 2022

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter...
High | Unreviewed | CVE-2018-17912 was published May 13, 2022

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could...
High | Unreviewed | CVE-2018-15444 was published May 13, 2022

An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to...
High | Unreviewed | CVE-2018-12471 was published May 13, 2022

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks,...
High | Unreviewed | CVE-2018-12408 was published May 13, 2022

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the...
High | Unreviewed | CVE-2018-10613 was published May 13, 2022

An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the...
High | Unreviewed | CVE-2018-10614 was published May 13, 2022

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an...
High | Unreviewed | CVE-2017-12216 was published May 13, 2022

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB...
High | Unreviewed | CVE-2016-9487 was published May 13, 2022

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved...
High | Unreviewed | CVE-2017-6662 was published May 14, 2022

IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack...
High | Unreviewed | CVE-2017-1458 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2019-0795 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2019-0791 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2019-0792 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2019-0793 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2019-0790 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2019-0756 was published May 14, 2022

ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items...
High | Unreviewed | CVE-2017-9362 was published May 14, 2022

The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before...
High | Unreviewed | CVE-2017-18111 was published May 14, 2022

Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
High | Unreviewed | CVE-2019-3481 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.