Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

686 advisories

Loading
XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. Critical Unreviewed
CVE-2022-45588 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-38389 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22486 was published Feb 3, 2023
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed
CVE-2022-47873 was published Feb 1, 2023
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX... Moderate Unreviewed
CVE-2023-22322 was published Jan 30, 2023
Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:... High Unreviewed
CVE-2023-21862 was published Jan 18, 2023
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. High Unreviewed
CVE-2023-22624 was published Jan 17, 2023
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A... High Unreviewed
CVE-2023-23595 was published Jan 15, 2023
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed
CVE-2021-4311 was published Jan 9, 2023
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This... Critical Unreviewed
CVE-2021-4295 was published Dec 29, 2022
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic.... Moderate Unreviewed
CVE-2022-4818 was published Dec 28, 2022
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec... High Unreviewed
CVE-2022-25628 was published Dec 21, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote... High Unreviewed
CVE-2022-47514 was published Dec 18, 2022
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line... Moderate Unreviewed
CVE-2022-37911 was published Dec 12, 2022
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom... Moderate Unreviewed
CVE-2022-46827 was published Dec 8, 2022
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2... Moderate Unreviewed
CVE-2022-45326 was published Dec 6, 2022
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External... Moderate Unreviewed
CVE-2022-40771 was published Nov 23, 2022
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can... High Unreviewed
CVE-2022-40304 was published Nov 23, 2022
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed
CVE-2022-3980 was published Nov 16, 2022
A vulnerability in the module import function of the administrative interface of Cisco Firepower... Moderate Unreviewed
CVE-2022-20938 was published Nov 16, 2022
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed
CVE-2022-45194 was published Nov 12, 2022
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform... Moderate Unreviewed
CVE-2022-43570 was published Nov 5, 2022
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote... High Unreviewed
CVE-2022-3340 was published Nov 4, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed
CVE-2022-42745 was published Nov 4, 2022
ProTip! Advisories are also available from the GraphQL API