Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,107 advisories

Loading
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability... High Unreviewed
CVE-2021-44477 was published Mar 26, 2022
Improper Restriction of XML External Entity Reference in soa-model Critical
CVE-2021-43090 was published for com.predic8:soa-model-core (Maven) Mar 26, 2022
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed
CVE-2022-0861 was published Mar 24, 2022
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's... High Unreviewed
CVE-2021-42194 was published Mar 22, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed
CVE-2022-22795 was published Mar 11, 2022
Inline DTD allows XML bomb attack High
CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022
exist-db:exist-core XML External Entity (XXE) vulnerability Critical
CVE-2018-1000823 was published for org.exist-db:exist-core (Maven) Dec 20, 2018
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
XML External Entity (XXE) vulnerability in bw-calendar-engine Critical
CVE-2018-1000836 was published for org.bedework.caleng:bw-calendar-engine (Maven) Dec 20, 2018
XML External Entity Reference in mchange:c3p0 Critical
CVE-2018-20433 was published for com.mchange:c3p0 (Maven) Jan 7, 2019
Eclipse RDF4j vulnerable to XML External Entitiy Critical
CVE-2018-1000644 was published for org.eclipse.rdf4j:rdf4j-runtime (Maven) Oct 19, 2018
XML External Entity (XXE) vulnerability in Square Retrofit Critical
CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Apache juddi-client vulnerable to XML External Entity (XXE) High
CVE-2018-1307 was published for org.apache.juddi:juddi-client (Maven) Oct 19, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore High
CVE-2016-4216 was published for com.adobe.xmp:xmpcore (Maven) Oct 19, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High
CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle Moderate
CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) Mar 14, 2019
Moderate severity vulnerability that affects org.apache.ignite:ignite-core Moderate
CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Critical
CVE-2018-15531 was published for net.bull.javamelody:javamelody-core (Maven) Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-0765 was published for System.Security.Cryptography.Xml (NuGet) Oct 16, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database