GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,025 advisories
XML External Entity Reference in apache jena
(Critical) CVE-2022-28890 was published for org.apache.jena:jena (Maven) May 6, 2022

expat 2.1.0 and earlier does not properly handle entities expansion unless an application...
(Moderate, Unreviewed) CVE-2013-0340 was published May 5, 2022

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection...
(Critical, Unreviewed) CVE-2013-4333 was published May 5, 2022

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an...
(High, Unreviewed) CVE-2022-20780 was published May 5, 2022

Talend Administration Center has a vulnerability that allows an authenticated user to use XML...
(Moderate, Unreviewed) CVE-2022-29943 was published May 5, 2022

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice...
(Moderate, Unreviewed) CVE-2012-0037 was published May 4, 2022

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service...
(High, Unreviewed) CVE-2022-21949 was published May 4, 2022

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references...
(Moderate, Unreviewed) CVE-2022-1331 was published May 4, 2022

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2...
(High, Unreviewed) CVE-2009-1699 was published May 2, 2022

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to...
(Moderate, Unreviewed) CVE-2005-1306 was published May 1, 2022

Multiple components in Apache NiFi do not restrict XML External Entity references
(High) CVE-2022-29265 was published for org.apache.nifi:nifi (Maven) May 1, 2022

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML...
(Moderate, Unreviewed) CVE-2016-9563 was published Apr 30, 2022

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF...
(Critical, Unreviewed) CVE-2022-24449 was published Apr 29, 2022

Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
(Moderate) CVE-2022-24898 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 28, 2022

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external...
(High, Unreviewed) CVE-2012-1102 was published Apr 23, 2022

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External...
(High, Unreviewed) CVE-2011-3600 was published Apr 22, 2022

XML External Entity Reference in detekt
(High) CVE-2022-0272 was published for io.gitlab.arturbosch.detekt:detekt-core (Maven) Apr 22, 2022

The affected product is vulnerable to a network-based attack by threat actors supplying a crafted...
(Moderate, Unreviewed) CVE-2021-43990 was published Apr 21, 2022

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
(Moderate, Unreviewed) CVE-2022-0221 was published Apr 14, 2022

Inline DTD allows XML bomb attack
(High) CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that...
(Critical, Unreviewed) CVE-2022-28219 was published Apr 6, 2022

When opening a malicious solution file provided by an attacker, the application suffers from an...
(Moderate, Unreviewed) CVE-2022-1018 was published Apr 3, 2022

Improper Restriction of XML External Entity Reference in wutka jox
(Moderate) CVE-2021-43142 was published for com.wutka:jox (Maven) Apr 1, 2022

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA...
(High, Unreviewed) CVE-2021-33208 was published Apr 1, 2022

XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
(High) CVE-2022-28155 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022

ProTip! Advisories are also available from the GraphQL API