GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,553

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

162 advisories

Filter by severity

Sort by

Least recently updated

National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is... Critical Unreviewed

CVE-2021-44557 was published Dec 9, 2021

National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected... Critical Unreviewed

CVE-2021-44556 was published Dec 9, 2021

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML... Critical Unreviewed

CVE-2021-40722 was published Jan 14, 2022

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. Critical Unreviewed

CVE-2021-46660 was published Jan 31, 2022

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was... Critical Unreviewed

CVE-2022-24340 was published Feb 26, 2022

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed

CVE-2022-22795 was published Mar 11, 2022

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that... Critical Unreviewed

CVE-2022-28219 was published Apr 6, 2022

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF... Critical Unreviewed

CVE-2022-24449 was published Apr 29, 2022

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection... Critical Unreviewed

CVE-2013-4333 was published May 5, 2022

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File... Critical Unreviewed

CVE-2022-22774 was published May 11, 2022

XML External Entity (XXE) vulnerability in the file based service provider creation feature of... Critical Unreviewed

CVE-2021-42646 was published May 12, 2022

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope... Critical Unreviewed

CVE-2018-3881 was published May 13, 2022

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1... Critical Unreviewed

CVE-2016-3974 was published May 13, 2022

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15... Critical Unreviewed

CVE-2018-13826 was published May 13, 2022

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and... Critical Unreviewed

CVE-2018-16792 was published May 13, 2022

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information,... Critical Unreviewed

CVE-2016-2908 was published May 13, 2022

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting... Critical Unreviewed

CVE-2017-1000497 was published May 13, 2022

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17... Critical Unreviewed

CVE-2018-12463 was published May 13, 2022

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity... Critical Unreviewed

CVE-2016-9180 was published May 13, 2022

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht... Critical Unreviewed

CVE-2017-8110 was published May 13, 2022

Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External... Critical Unreviewed

CVE-2016-9924 was published May 13, 2022

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway... Critical Unreviewed

CVE-2017-9458 was published May 13, 2022

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8... Critical Unreviewed

CVE-2018-10653 was published May 13, 2022

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2... Critical Unreviewed

CVE-2014-3630 was published May 13, 2022

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE)... Critical Unreviewed

CVE-2018-1000828 was published May 13, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

162 advisories