Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

169 advisories

Loading
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary... Critical Unreviewed
CVE-2023-24189 was published Feb 25, 2023
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects... Critical Unreviewed
CVE-2015-10082 was published Feb 21, 2023
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0... Critical Unreviewed
CVE-2022-39954 was published Feb 16, 2023
XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. Critical Unreviewed
CVE-2022-45588 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22486 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-38389 was published Feb 3, 2023
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed
CVE-2022-47873 was published Feb 1, 2023
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed
CVE-2021-4311 was published Jan 9, 2023
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This... Critical Unreviewed
CVE-2021-4295 was published Dec 29, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed
CVE-2022-3980 was published Nov 16, 2022
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-40747 was published Nov 4, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x... Critical Unreviewed
CVE-2022-31678 was published Oct 28, 2022
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The... Critical Unreviewed
CVE-2022-42307 was published Oct 4, 2022
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine... Critical Unreviewed
CVE-2022-1700 was published Sep 13, 2022
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22489 was published Aug 20, 2022
Due to an XML external entity reference, the software parses XML in the backup/restore... Critical Unreviewed
CVE-2022-1704 was published Aug 6, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... Critical Unreviewed
CVE-2022-31775 was published Aug 2, 2022
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in... Critical Unreviewed
CVE-2022-2131 was published Jul 26, 2022
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin... Critical Unreviewed
CVE-2022-35741 was published Jul 19, 2022
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection... Critical Unreviewed
CVE-2022-23170 was published Jun 25, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed
CVE-2021-45024 was published Jun 18, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed
CVE-2021-45981 was published Jun 3, 2022
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote... Critical Unreviewed
CVE-2021-34436 was published May 24, 2022
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement... Critical Unreviewed
CVE-2020-25912 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database