Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

166 advisories

Loading
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2... Critical Unreviewed
CVE-2014-3630 was published May 13, 2022
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML... Critical Unreviewed
CVE-2014-0030 was published May 14, 2022
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Critical Unreviewed
CVE-2015-7241 was published May 14, 2022
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed
CVE-2016-6256 was published May 14, 2022
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data... Critical Unreviewed
CVE-2017-6895 was published May 17, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1... Critical Unreviewed
CVE-2016-3974 was published May 13, 2022
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed
CVE-2022-47873 was published Feb 1, 2023
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). ... Critical Unreviewed
CVE-2024-21082 was published Apr 17, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length... Critical Unreviewed
CVE-2024-45490 was published Aug 30, 2024
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can... Critical Unreviewed
CVE-2024-40896 was published Dec 23, 2024
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB... Critical Unreviewed
CVE-2024-55081 was published Dec 19, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10218 was published Nov 12, 2024
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to... Critical Unreviewed
CVE-2024-51136 was published Nov 4, 2024
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of... Critical Unreviewed
CVE-2023-20918 was published Jul 13, 2023
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure... Critical Unreviewed
CVE-2024-7098 was published Sep 16, 2024
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML... Critical Unreviewed
CVE-2019-9670 was published May 24, 2022
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. Critical Unreviewed
CVE-2018-14485 was published May 24, 2022
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-32755 was published Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was... Critical Unreviewed
CVE-2023-45612 was published Oct 9, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External... Critical Unreviewed
CVE-2023-35892 was published Sep 5, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity... Critical Unreviewed
CVE-2023-37364 was published Aug 3, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Critical Unreviewed
CVE-2023-24470 was published Jun 14, 2023
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ... Critical Unreviewed
CVE-2023-27554 was published May 11, 2023
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan... Critical Unreviewed
CVE-2018-20687 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database