GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,438

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

227 advisories

Filter by severity

Sort by

Least recently updated

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed

CVE-2022-0861 was published Mar 24, 2022

When opening a malicious solution file provided by an attacker, the application suffers from an... Moderate Unreviewed

CVE-2022-1018 was published Apr 3, 2022

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed

CVE-2022-0221 was published Apr 14, 2022

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file... Moderate Unreviewed

CVE-2017-7457 was published May 17, 2022

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM... Moderate Unreviewed

CVE-2015-0194 was published May 17, 2022

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi... Moderate Unreviewed

CVE-2016-7458 was published May 17, 2022

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when... Moderate Unreviewed

CVE-2017-1219 was published May 17, 2022

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware... Moderate Unreviewed

CVE-2017-7907 was published May 17, 2022

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated,... Moderate Unreviewed

CVE-2017-3811 was published May 17, 2022

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an... Moderate Unreviewed

CVE-2016-0254 was published May 17, 2022

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to... Moderate Unreviewed

CVE-2017-2308 was published May 17, 2022

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager... Moderate Unreviewed

CVE-2017-9295 was published May 17, 2022

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity ... Moderate Unreviewed

CVE-2017-8056 was published May 17, 2022

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access... Moderate Unreviewed

CVE-2016-5748 was published May 17, 2022

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Moderate Unreviewed

CVE-2016-4931 was published May 17, 2022

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote... Moderate Unreviewed

CVE-2015-7743 was published May 17, 2022

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously. Moderate Unreviewed

CVE-2022-34001 was published Jul 20, 2022

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read... Moderate Unreviewed

CVE-2017-6344 was published May 17, 2022

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML... Moderate Unreviewed

CVE-2016-5749 was published May 17, 2022

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0... Moderate Unreviewed

CVE-2016-0284 was published May 17, 2022

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the... Moderate Unreviewed

CVE-2020-6238 was published May 24, 2022

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files... Moderate Unreviewed

CVE-2019-17637 was published May 24, 2022

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed

CVE-2022-45194 was published Nov 12, 2022

Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ... Moderate Unreviewed

CVE-2022-38342 was published Sep 14, 2022

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom... Moderate Unreviewed

CVE-2022-46827 was published Dec 8, 2022

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

227 advisories