Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

761 advisories

Loading
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed
CVE-2022-22795 was published Mar 11, 2022
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's... High Unreviewed
CVE-2021-42194 was published Mar 22, 2022
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed
CVE-2022-0861 was published Mar 24, 2022
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability... High Unreviewed
CVE-2021-44477 was published Mar 26, 2022
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA... High Unreviewed
CVE-2021-33208 was published Apr 1, 2022
When opening a malicious solution file provided by an attacker, the application suffers from an... Moderate Unreviewed
CVE-2022-1018 was published Apr 3, 2022
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2022-0221 was published Apr 14, 2022
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external... High Unreviewed
CVE-2012-1102 was published Apr 23, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It... High Unreviewed
CVE-2020-25257 was published May 24, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that... Critical Unreviewed
CVE-2022-28219 was published Apr 6, 2022
jersey: XXE via parameter entities not disabled by the jersey SAX parser High Unreviewed
CVE-2014-3643 was published May 17, 2022
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)... High Unreviewed
CVE-2022-22977 was published May 25, 2022
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful... High Unreviewed
CVE-2022-31261 was published May 25, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed
CVE-2021-45981 was published Jun 3, 2022
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers... High Unreviewed
CVE-2010-2245 was published May 17, 2022
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if... High Unreviewed
CVE-2017-11390 was published May 17, 2022
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM... Moderate Unreviewed
CVE-2015-0194 was published May 17, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and... Critical Unreviewed
CVE-2016-7460 was published May 17, 2022
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi... Moderate Unreviewed
CVE-2016-7458 was published May 17, 2022
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when... Moderate Unreviewed
CVE-2017-1219 was published May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity... Critical Unreviewed
CVE-2017-1383 was published May 17, 2022
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access... High Unreviewed
CVE-2022-31447 was published Jun 15, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed
CVE-2021-45024 was published Jun 18, 2022
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <... High Unreviewed
CVE-2022-32285 was published Jun 15, 2022
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system... High Unreviewed
CVE-2021-40510 was published Jun 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database