Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,252
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

263 advisories

Loading
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE)... Critical Unreviewed
CVE-2018-1000614 was published May 14, 2022
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5... Critical Unreviewed
CVE-2018-11640 was published May 14, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference Critical
CVE-2018-14065 was published for phpoffice/common (Composer) May 14, 2022
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external... Critical Unreviewed
CVE-2018-14473 was published May 14, 2022
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Critical Unreviewed
CVE-2015-7326 was published May 14, 2022
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Critical Unreviewed
CVE-2015-7241 was published May 14, 2022
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022 withdrawn
dsten56
Credited to dsten56
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13416 was published May 14, 2022
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13415 was published May 14, 2022
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13417 was published May 14, 2022
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML... Critical Unreviewed
CVE-2018-1000652 was published May 14, 2022
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can... Critical Unreviewed
CVE-2018-1000651 was published May 14, 2022
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in... Critical Unreviewed
CVE-2018-16521 was published May 14, 2022
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1... Critical Unreviewed
CVE-2018-17411 was published May 14, 2022
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE)... Critical Unreviewed
CVE-2018-15805 was published May 14, 2022
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML... Critical Unreviewed
CVE-2018-1000838 was published May 14, 2022
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed
CVE-2018-1000834 was published May 14, 2022
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response... Critical Unreviewed
CVE-2018-1000831 was published May 14, 2022
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser... Critical Unreviewed
CVE-2018-1000830 was published May 14, 2022
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability... Critical Unreviewed
CVE-2018-1000821 was published May 14, 2022
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed
CVE-2018-1000825 was published May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Credited to q5438722
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the... Critical Unreviewed
CVE-2018-20318 was published May 14, 2022
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Critical Unreviewed
CVE-2019-5748 was published May 14, 2022
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 Critical Unreviewed
CVE-2018-15362 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database