GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
244 advisories
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,...
Critical | Unreviewed | CVE-2016-8348 was published on May 17, 2022

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a...
Critical | Unreviewed | CVE-2016-9706 was published on May 17, 2022

PySAML2 XML external entity attack
Critical | CVE-2016-10127 was published for pysaml2 (pip) on May 17, 2022

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data...
Critical | Unreviewed | CVE-2017-6895 was published on May 17, 2022

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by...
Critical | Unreviewed | CVE-2016-6111 was published on May 17, 2022

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
Critical | Unreviewed | CVE-2015-7273 was published on May 17, 2022

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform...
Critical | Unreviewed | CVE-2017-7503 was published on May 17, 2022

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library...
Critical | Unreviewed | CVE-2017-10670 was published on May 17, 2022

Apache OpenMeetings does not correctly validate uploaded XML documents
Critical | CVE-2017-7664 was published for org.apache.openmeetings:openmeetings-parent (Maven) on May 17, 2022

XML External Entity Reference in Apache Sling
Critical | CVE-2016-6798 was published for org.apache.sling:org.apache.sling.xss (Maven) on May 17, 2022

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and...
Critical | Unreviewed | CVE-2016-7460 was published on May 17, 2022

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity...
Critical | Unreviewed | CVE-2017-1383 was published on May 17, 2022

Improper Restriction of XML External Entity Reference in Jelly
Critical | CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) on May 17, 2022

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ...
Critical | Unreviewed | CVE-2017-14759 was published on May 17, 2022

Improper Restriction of XML External Entity Reference in Apache OpenNLP
Critical | CVE-2017-12620 was published for org.apache.opennlp:opennlp-tools (Maven) on May 17, 2022

XML external entity (XXE) vulnerability in the import package functionality of the deployment...
Critical | Unreviewed | CVE-2017-13706 was published on May 17, 2022

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote...
Critical | Unreviewed | CVE-2014-9487 was published on May 17, 2022

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image...
Critical | Unreviewed | CVE-2017-14101 was published on May 14, 2022

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17...
Critical | Unreviewed | CVE-2014-3244 was published on May 14, 2022

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1,...
Critical | Unreviewed | CVE-2014-3005 was published on May 14, 2022

mxGraph vulnerable to XXE attacks
Critical | CVE-2017-18197 was published for mxgraph (npm) on May 14, 2022

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the...
Critical | Unreviewed | CVE-2017-7375 was published on May 14, 2022

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center,...
Critical | Unreviewed | CVE-2018-6489 was published on May 14, 2022

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE)...
Critical | Unreviewed | CVE-2018-1000124 was published on May 14, 2022

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2)...
Critical | Unreviewed | CVE-2014-0931 was published on May 14, 2022
ProTip! Advisories are also available from the GraphQL API.