Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

162 advisories

Loading
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed
CVE-2022-22795 was published Mar 11, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that... Critical Unreviewed
CVE-2022-28219 was published Apr 6, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed
CVE-2021-45981 was published Jun 3, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and... Critical Unreviewed
CVE-2016-7460 was published May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity... Critical Unreviewed
CVE-2017-1383 was published May 17, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed
CVE-2021-45024 was published Jun 18, 2022
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22489 was published Aug 20, 2022
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection... Critical Unreviewed
CVE-2022-23170 was published Jun 25, 2022
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by... Critical Unreviewed
CVE-2016-6111 was published May 17, 2022
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library... Critical Unreviewed
CVE-2017-10670 was published May 17, 2022
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform... Critical Unreviewed
CVE-2017-7503 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a... Critical Unreviewed
CVE-2016-9706 was published May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Critical Unreviewed
CVE-2015-7273 was published May 17, 2022
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,... Critical Unreviewed
CVE-2016-8348 was published May 17, 2022
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data... Critical Unreviewed
CVE-2017-6895 was published May 17, 2022
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin... Critical Unreviewed
CVE-2022-35741 was published Jul 19, 2022
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in... Critical Unreviewed
CVE-2022-2131 was published Jul 26, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... Critical Unreviewed
CVE-2022-31775 was published Aug 2, 2022
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The... Critical Unreviewed
CVE-2022-42307 was published Oct 4, 2022
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed
CVE-2021-4311 was published Jan 9, 2023
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed
CVE-2022-3980 was published Nov 16, 2022
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed
CVE-2021-26703 was published May 24, 2022
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed
CVE-2020-35604 was published May 24, 2022
MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a... Critical Unreviewed
CVE-2021-1628 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database