GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,645
Composer 4,233
Erlang 31
GitHub Actions 20
Go 1,992
Maven 5,179
npm 3,709
NuGet 661
pip 3,346
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 234,924

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

231 advisories

Filter by severity

Sort by

Least recently updated

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4... Moderate Unreviewed

CVE-2021-44147 was published Nov 23, 2021

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference Moderate Unreviewed

CVE-2021-3836 was published Dec 15, 2021

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a... Moderate Unreviewed

CVE-2021-45096 was published Dec 17, 2021

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file... Moderate Unreviewed

CVE-2021-44028 was published Dec 23, 2021

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14... Moderate Unreviewed

CVE-2022-23031 was published Jan 26, 2022

An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the... Moderate Unreviewed

CVE-2022-22835 was published Mar 11, 2022

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10... Moderate Unreviewed

CVE-2022-0861 was published Mar 24, 2022

When opening a malicious solution file provided by an attacker, the application suffers from an... Moderate Unreviewed

CVE-2022-1018 was published Apr 3, 2022

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed

CVE-2022-0221 was published Apr 14, 2022

The affected product is vulnerable to a network-based attack by threat actors supplying a crafted... Moderate Unreviewed

CVE-2021-43990 was published Apr 21, 2022

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML... Moderate Unreviewed

CVE-2016-9563 was published Apr 30, 2022

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to... Moderate Unreviewed

CVE-2005-1306 was published May 1, 2022

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references... Moderate Unreviewed

CVE-2022-1331 was published May 4, 2022

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice... Moderate Unreviewed

CVE-2012-0037 was published May 4, 2022

Talend Administration Center has a vulnerability that allows an authenticated user to use XML... Moderate Unreviewed

CVE-2022-29943 was published May 5, 2022

expat 2.1.0 and earlier does not properly handle entities expansion unless an application... Moderate Unreviewed

CVE-2013-0340 was published May 5, 2022

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x... Moderate Unreviewed

CVE-2017-8040 was published May 13, 2022

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows... Moderate Unreviewed

CVE-2017-11457 was published May 13, 2022

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote... Moderate Unreviewed

CVE-2018-10077 was published May 13, 2022

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML... Moderate Unreviewed

CVE-2016-3027 was published May 13, 2022

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior... Moderate Unreviewed

CVE-2018-0218 was published May 13, 2022

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior... Moderate Unreviewed

CVE-2018-0207 was published May 13, 2022

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option... Moderate Unreviewed

CVE-2015-3451 was published May 13, 2022

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network... Moderate Unreviewed

CVE-2019-1698 was published May 13, 2022

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows... Moderate Unreviewed

CVE-2018-6670 was published May 13, 2022

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

231 advisories