Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Loading
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API... Critical Unreviewed
CVE-2021-27931 was published May 24, 2022
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed
CVE-2021-26703 was published May 24, 2022
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed
CVE-2020-35604 was published May 24, 2022
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. Critical Unreviewed
CVE-2020-25215 was published May 24, 2022
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan... Critical Unreviewed
CVE-2018-20687 was published May 24, 2022
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by... Critical Unreviewed
CVE-2019-14678 was published May 24, 2022
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is... Critical Unreviewed
CVE-2019-14277 was published May 24, 2022
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported,... Critical Unreviewed
CVE-2019-13625 was published May 24, 2022
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2019-1903 was published May 24, 2022
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit... Critical Unreviewed
CVE-2018-18406 was published May 24, 2022
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and... Critical Unreviewed
CVE-2018-18471 was published May 24, 2022
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to... Critical Unreviewed
CVE-2018-15506 was published May 24, 2022
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to... Critical Unreviewed
CVE-2019-12154 was published May 24, 2022
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML... Critical Unreviewed
CVE-2019-9670 was published May 24, 2022
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra... Critical Unreviewed
CVE-2018-20160 was published May 24, 2022
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has... Critical Unreviewed
CVE-2018-8940 was published May 24, 2022
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk... Critical Unreviewed
CVE-2019-7442 was published May 24, 2022
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. Critical Unreviewed
CVE-2018-14485 was published May 24, 2022
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224... Critical Unreviewed
CVE-2019-11677 was published May 24, 2022
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,... Critical Unreviewed
CVE-2016-8348 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a... Critical Unreviewed
CVE-2016-9706 was published May 17, 2022
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data... Critical Unreviewed
CVE-2017-6895 was published May 17, 2022
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by... Critical Unreviewed
CVE-2016-6111 was published May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Critical Unreviewed
CVE-2015-7273 was published May 17, 2022
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform... Critical Unreviewed
CVE-2017-7503 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database