Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

329 advisories

Loading
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest... High Unreviewed
CVE-2014-0950 was published May 14, 2022
RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External... High Unreviewed
CVE-2018-1247 was published May 14, 2022
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity... High Unreviewed
CVE-2018-1456 was published May 14, 2022
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD... High Unreviewed
CVE-2018-1000542 was published May 14, 2022
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing... High Unreviewed
CVE-2018-1000546 was published May 14, 2022
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can... High Unreviewed
CVE-2018-1000548 was published May 14, 2022
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE)... High Unreviewed
CVE-2018-1000515 was published May 14, 2022
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity ... High Unreviewed
CVE-2018-1000540 was published May 14, 2022
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS... High Unreviewed
CVE-2014-2296 was published May 14, 2022
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0... High Unreviewed
CVE-2016-4312 was published May 14, 2022
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external... High Unreviewed
CVE-2016-8526 was published May 14, 2022
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can... High Unreviewed
CVE-2017-8316 was published May 14, 2022
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read... High Unreviewed
CVE-2016-7459 was published May 14, 2022
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service ... High Unreviewed
CVE-2018-16303 was published May 14, 2022
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2018-8420 was published May 14, 2022
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to... High Unreviewed
CVE-2018-12585 was published May 14, 2022
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2018-8494 was published May 14, 2022
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is... High Unreviewed
CVE-2018-18659 was published May 14, 2022
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external... High Unreviewed
CVE-2018-12243 was published May 14, 2022
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string.... High Unreviewed
CVE-2018-18737 was published May 14, 2022
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE)... High Unreviewed
CVE-2018-20157 was published May 14, 2022
LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE)... High Unreviewed
CVE-2018-16166 was published May 14, 2022
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network... High Unreviewed
CVE-2018-18980 was published May 14, 2022
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option... High Unreviewed
CVE-2018-19244 was published May 14, 2022
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous... High Unreviewed
CVE-2018-7837 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database