GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,107 advisories
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote...
Moderate | Unreviewed | CVE-2015-7743 was published May 17, 2022

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
Moderate | Unreviewed | CVE-2022-34001 was published Jul 20, 2022

XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access...
High | Unreviewed | CVE-2016-10097 was published May 17, 2022

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an...
High | Unreviewed | CVE-2017-1149 was published May 17, 2022

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a...
Critical | Unreviewed | CVE-2016-9706 was published May 17, 2022

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read...
Moderate | Unreviewed | CVE-2017-6344 was published May 17, 2022

An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,...
Critical | Unreviewed | CVE-2016-8348 was published May 17, 2022

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
Critical | Unreviewed | CVE-2015-7273 was published May 17, 2022

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An...
High | Unreviewed | CVE-2016-9181 was published May 17, 2022

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML...
Moderate | Unreviewed | CVE-2016-5749 was published May 17, 2022

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin...
Critical | Unreviewed | CVE-2022-35741 was published Jul 19, 2022

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External...
High | Unreviewed | CVE-2016-8974 was published May 17, 2022

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity...
High | Unreviewed | CVE-2016-8980 was published May 17, 2022

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in...
Critical | Unreviewed | CVE-2022-2131 was published Jul 26, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
Critical | Unreviewed | CVE-2022-31775 was published Aug 2, 2022

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files...
High | Unreviewed | CVE-2016-3033 was published May 17, 2022

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read...
High | Unreviewed | CVE-2016-3055 was published May 17, 2022

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs...
High | Unreviewed | CVE-2021-42537 was published Jul 28, 2022

Access to external entities when parsing XML documents can lead to XML external entity (XXE)...
High | Unreviewed | CVE-2022-2414 was published Jul 30, 2022

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a...
High | Unreviewed | CVE-2022-27873 was published Jul 30, 2022

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0...
Moderate | Unreviewed | CVE-2016-0284 was published May 17, 2022

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the...
Moderate | Unreviewed | CVE-2020-6238 was published May 24, 2022

Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP
High | CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The...
High | Unreviewed | CVE-2022-42301 was published Oct 4, 2022

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection ...
High | Unreviewed | CVE-2022-34348 was published Sep 25, 2022