Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

328 advisories

Loading
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by... High Unreviewed
CVE-2022-2759 was published Sep 1, 2022
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus... High Unreviewed
CVE-2020-21641 was published Aug 16, 2022
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with... High Unreviewed
CVE-2022-2458 was published Aug 11, 2022
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a... High Unreviewed
CVE-2022-27873 was published Jul 30, 2022
Access to external entities when parsing XML documents can lead to XML external entity (XXE)... High Unreviewed
CVE-2022-2414 was published Jul 30, 2022
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs... High Unreviewed
CVE-2021-42537 was published Jul 28, 2022
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient... High Unreviewed
CVE-2022-32458 was published Jul 21, 2022
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML... High Unreviewed
CVE-2022-22358 was published Jul 20, 2022
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker... High Unreviewed
CVE-2022-35168 was published Jul 13, 2022
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system... High Unreviewed
CVE-2021-40510 was published Jun 22, 2022
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <... High Unreviewed
CVE-2022-32285 was published Jun 15, 2022
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access... High Unreviewed
CVE-2022-31447 was published Jun 15, 2022
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful... High Unreviewed
CVE-2022-31261 was published May 25, 2022
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)... High Unreviewed
CVE-2022-22977 was published May 25, 2022
An improper restriction of XML external entity reference vulnerability in the parser of XML... High Unreviewed
CVE-2021-36172 was published May 24, 2022
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote... High Unreviewed
CVE-2021-20838 was published May 24, 2022
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which... High Unreviewed
CVE-2020-19954 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows... High Unreviewed
CVE-2021-40500 was published May 24, 2022
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO... High Unreviewed
CVE-2021-35496 was published May 24, 2022
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE... High Unreviewed
CVE-2021-41770 was published May 24, 2022
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an... High Unreviewed
CVE-2021-29831 was published May 24, 2022
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application... High Unreviewed
CVE-2021-30137 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40356 was published May 24, 2022
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). High Unreviewed
CVE-2021-38584 was published May 24, 2022
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component... High Unreviewed
CVE-2021-1630 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database