Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,749
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

347 advisories

Loading
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated... Moderate Unreviewed
CVE-2020-7032 was published May 24, 2022
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references... Moderate Unreviewed
CVE-2022-1331 was published May 4, 2022
Talend Administration Center has a vulnerability that allows an authenticated user to use XML... Moderate Unreviewed
CVE-2022-29943 was published May 5, 2022
Apache NiFi information disclosure by XXE Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x... Moderate Unreviewed
CVE-2017-8040 was published May 13, 2022
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote... Moderate Unreviewed
CVE-2018-10077 was published May 13, 2022
Concrete CMS vulnerable to XML External Entity Moderate
CVE-2022-43689 was published for concrete5/concrete5 (Composer) Nov 15, 2022
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML... Moderate Unreviewed
CVE-2016-3027 was published May 13, 2022
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior... Moderate Unreviewed
CVE-2018-0207 was published May 13, 2022
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior... Moderate Unreviewed
CVE-2018-0218 was published May 13, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi Moderate
CVE-2020-13940 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
XML External Entity Reference in org.opencms:opencms-core Moderate
CVE-2021-3312 was published for org.opencms:opencms-core (Maven) Oct 12, 2021
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference Moderate Unreviewed
CVE-2021-3836 was published Dec 15, 2021
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network... Moderate Unreviewed
CVE-2019-1698 was published May 13, 2022
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External... Moderate Unreviewed
CVE-2022-40771 was published Nov 23, 2022
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows... Moderate Unreviewed
CVE-2018-6670 was published May 13, 2022
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13,... Moderate Unreviewed
CVE-2018-1801 was published May 13, 2022
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an... Moderate Unreviewed
CVE-2022-3338 was published Oct 18, 2022
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2... Moderate Unreviewed
CVE-2018-17889 was published May 13, 2022
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime... Moderate Unreviewed
CVE-2018-5434 was published May 13, 2022
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator -... Moderate Unreviewed
CVE-2018-5433 was published May 13, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an... Moderate Unreviewed
CVE-2022-38419 was published Oct 15, 2022
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an... Moderate Unreviewed
CVE-2018-0414 was published May 13, 2022
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow... Moderate Unreviewed
CVE-2018-0100 was published May 13, 2022
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to... Moderate Unreviewed
CVE-2018-0108 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database