Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

244 advisories

Loading
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE... Critical Unreviewed
CVE-2023-1288 was published Mar 9, 2023
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary... Critical Unreviewed
CVE-2023-24189 was published Feb 25, 2023
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects... Critical Unreviewed
CVE-2015-10082 was published Feb 21, 2023
java-xmlbuilder vulnerable to XML External Entity Reference Critical
CVE-2014-125087 was published for com.jamesmurty.utils:java-xmlbuilder (Maven) Feb 19, 2023
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0... Critical Unreviewed
CVE-2022-39954 was published Feb 16, 2023
XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. Critical Unreviewed
CVE-2022-45588 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22486 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-38389 was published Feb 3, 2023
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed
CVE-2022-47873 was published Feb 1, 2023
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24429 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed
CVE-2021-4311 was published Jan 9, 2023
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2015-10029 was published for kelvinmo/simplexrd (Composer) Jan 7, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2016-15011 was published for be.e_contract.dssp:dssp-client (Maven) Jan 6, 2023
bonita-connector-webservice XML External Entity vulnerability Critical
CVE-2020-36640 was published for org.bonitasoft.connectors:bonita-connector-webservice (Maven) Jan 5, 2023
aXMLRPC XML External Entity vulnerability Critical
CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven) Jan 5, 2023
iText RUPS XML External Entity vulnerability Critical
CVE-2017-20151 was published for com.itextpdf:itext-rups (Maven) Dec 30, 2022
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This... Critical Unreviewed
CVE-2021-4295 was published Dec 29, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed
CVE-2022-3980 was published Nov 16, 2022
XML External Entity Reference in Jenkins CCCC Plugin Critical
CVE-2022-45395 was published for com.thalesgroup.jenkins-ci.plugins:cccc (Maven) Nov 16, 2022
NotMyFault
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-40747 was published Nov 4, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x... Critical Unreviewed
CVE-2022-31678 was published Oct 28, 2022
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf Critical
CVE-2021-46849 was published for pikepdf (pip) Oct 24, 2022 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database