GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
245 advisories
Filter by severity
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection...
Critical
Unreviewed
CVE-2013-4333
was published
May 5, 2022
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF...
Critical
Unreviewed
CVE-2022-24449
was published
Apr 29, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that...
Critical
Unreviewed
CVE-2022-28219
was published
Apr 6, 2022
Improper Restriction of XML External Entity Reference in soa-model
Critical
CVE-2021-43090
was published
for
com.predic8:soa-model-core
(Maven)
Mar 26, 2022
XML external entity (XXE) injection in Apache Nutch
Critical
CVE-2021-23901
was published
for
org.apache.nutch:nutch
(Maven)
Mar 18, 2022
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected...
Critical
Unreviewed
CVE-2022-22795
was published
Mar 11, 2022
Improper Restriction of XML External Entity Reference in Any23
Critical
CVE-2022-25312
was published
for
org.apache.any23:apache-any23
(Maven)
Mar 6, 2022
Improper Restriction of XML External Entity Reference in Liquibase
Critical
CVE-2022-0839
was published
for
org.liquibase:liquibase-core
(Maven)
Mar 5, 2022
XML External Entity Reference in Hazelcast
Critical
CVE-2022-0265
was published
for
com.hazelcast:hazelcast
(Maven)
Mar 4, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was...
Critical
Unreviewed
CVE-2022-24340
was published
Feb 26, 2022
Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.
Critical
Unreviewed
CVE-2021-46660
was published
Jan 31, 2022
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2022-0239
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Jan 21, 2022
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML...
Critical
Unreviewed
CVE-2021-40722
was published
Jan 14, 2022
National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected...
Critical
Unreviewed
CVE-2021-44556
was published
Dec 9, 2021
National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is...
Critical
Unreviewed
CVE-2021-44557
was published
Dec 9, 2021
XML External Entity vulnerability in Easy-XML
Critical
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
XML External Entity vulnerability in MODX CMS
Critical
CVE-2020-25911
was published
for
modx/revolution
(Composer)
Nov 1, 2021
XML Injection in Any23
Critical
CVE-2021-38555
was published
for
org.apache.any23:apache-any23
(Maven)
Sep 13, 2021
Improper Restriction of XML External Entity Reference in Quokka
Critical
CVE-2020-18705
was published
for
quokka
(pip)
Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka
Critical
CVE-2020-18703
was published
for
quokka
(pip)
Aug 30, 2021
Arbitrary code injection in json-sanitizer
Critical
CVE-2021-23899
was published
for
com.mikesamuel:json-sanitizer
(Maven)
Jun 16, 2021
Improper Restriction of XML External Entity Reference in MPXJ
Critical
CVE-2020-25020
was published
for
net.sf.mpxj:mpxj
(Maven)
May 7, 2021
XML External Entity attack in log4net
Critical
CVE-2018-1285
was published
for
log4net
(NuGet)
Jan 29, 2021
ProTip!
Advisories are also available from the
GraphQL API