Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

447 advisories

Loading
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. High Unreviewed
CVE-2023-22624 was published Jan 17, 2023
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A... High Unreviewed
CVE-2023-23595 was published Jan 15, 2023
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec... High Unreviewed
CVE-2022-25628 was published Dec 21, 2022
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote... High Unreviewed
CVE-2022-47514 was published Dec 18, 2022
Jenkins Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-46682 was published for org.jenkins-ci.plugins:plot (Maven) Dec 12, 2022
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can... High Unreviewed
CVE-2022-40304 was published Nov 23, 2022
XXE vulnerability in Jenkins JAPEX Plugin High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022
NotMyFault
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote... High Unreviewed
CVE-2022-3340 was published Nov 4, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed
CVE-2022-42745 was published Nov 4, 2022
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an... High Unreviewed
CVE-2022-42341 was published Oct 15, 2022
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The... High Unreviewed
CVE-2022-42301 was published Oct 4, 2022
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection ... High Unreviewed
CVE-2022-34348 was published Sep 25, 2022
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP High
CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection... High Unreviewed
CVE-2022-36773 was published Sep 2, 2022
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by... High Unreviewed
CVE-2022-2759 was published Sep 1, 2022
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus... High Unreviewed
CVE-2020-21641 was published Aug 16, 2022
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with... High Unreviewed
CVE-2022-2458 was published Aug 11, 2022
untangle vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-31471 was published for untangle (pip) Aug 6, 2022
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a... High Unreviewed
CVE-2022-27873 was published Jul 30, 2022
Access to external entities when parsing XML documents can lead to XML external entity (XXE)... High Unreviewed
CVE-2022-2414 was published Jul 30, 2022
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs... High Unreviewed
CVE-2021-42537 was published Jul 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database