GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
686 advisories
XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09.
Critical | Unreviewed | CVE-2022-45588 was published Feb 3, 2023

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity...
Critical | Unreviewed | CVE-2022-38389 was published Feb 3, 2023

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity...
Critical | Unreviewed | CVE-2022-22486 was published Feb 3, 2023

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).
Critical | Unreviewed | CVE-2022-47873 was published Feb 1, 2023

Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX...
Moderate | Unreviewed | CVE-2023-22322 was published Jan 30, 2023

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:...
High | Unreviewed | CVE-2023-21862 was published Jan 18, 2023

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
High | Unreviewed | CVE-2023-22624 was published Jan 17, 2023

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A...
High | Unreviewed | CVE-2023-23595 was published Jan 15, 2023

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This...
Critical | Unreviewed | CVE-2021-4311 was published Jan 9, 2023

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This...
Critical | Unreviewed | CVE-2021-4295 was published Dec 29, 2022

A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic....
Moderate | Unreviewed | CVE-2022-4818 was published Dec 28, 2022

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec...
High | Unreviewed | CVE-2022-25628 was published Dec 21, 2022

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been...
Critical | Unreviewed | CVE-2022-4607 was published Dec 19, 2022

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote...
High | Unreviewed | CVE-2022-47514 was published Dec 18, 2022

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line...
Moderate | Unreviewed | CVE-2022-37911 was published Dec 12, 2022

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom...
Moderate | Unreviewed | CVE-2022-46827 was published Dec 8, 2022

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2...
Moderate | Unreviewed | CVE-2022-45326 was published Dec 6, 2022

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External...
Moderate | Unreviewed | CVE-2022-40771 was published Nov 23, 2022

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can...
High | Unreviewed | CVE-2022-40304 was published Nov 23, 2022

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and...
Critical | Unreviewed | CVE-2022-3980 was published Nov 16, 2022

A vulnerability in the module import function of the administrative interface of Cisco Firepower...
Moderate | Unreviewed | CVE-2022-20938 was published Nov 16, 2022

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash...
Moderate | Unreviewed | CVE-2022-45194 was published Nov 12, 2022

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform...
Moderate | Unreviewed | CVE-2022-43570 was published Nov 5, 2022

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote...
High | Unreviewed | CVE-2022-3340 was published Nov 4, 2022

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High | Unreviewed | CVE-2022-42745 was published Nov 4, 2022