GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
162 advisories
Filter by severity
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected...
Critical
Unreviewed
CVE-2022-22795
was published
Mar 11, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not...
Critical
Unreviewed
CVE-2015-8866
was published
May 14, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that...
Critical
Unreviewed
CVE-2022-28219
was published
Apr 6, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
Critical
Unreviewed
CVE-2021-45981
was published
Jun 3, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and...
Critical
Unreviewed
CVE-2016-7460
was published
May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity...
Critical
Unreviewed
CVE-2017-1383
was published
May 17, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4...
Critical
Unreviewed
CVE-2021-45024
was published
Jun 18, 2022
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity...
Critical
Unreviewed
CVE-2022-22489
was published
Aug 20, 2022
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection...
Critical
Unreviewed
CVE-2022-23170
was published
Jun 25, 2022
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by...
Critical
Unreviewed
CVE-2016-6111
was published
May 17, 2022
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library...
Critical
Unreviewed
CVE-2017-10670
was published
May 17, 2022
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform...
Critical
Unreviewed
CVE-2017-7503
was published
May 17, 2022
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a...
Critical
Unreviewed
CVE-2016-9706
was published
May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
Critical
Unreviewed
CVE-2015-7273
was published
May 17, 2022
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,...
Critical
Unreviewed
CVE-2016-8348
was published
May 17, 2022
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data...
Critical
Unreviewed
CVE-2017-6895
was published
May 17, 2022
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin...
Critical
Unreviewed
CVE-2022-35741
was published
Jul 19, 2022
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in...
Critical
Unreviewed
CVE-2022-2131
was published
Jul 26, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
Critical
Unreviewed
CVE-2022-31775
was published
Aug 2, 2022
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The...
Critical
Unreviewed
CVE-2022-42307
was published
Oct 4, 2022
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This...
Critical
Unreviewed
CVE-2021-4311
was published
Jan 9, 2023
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and...
Critical
Unreviewed
CVE-2022-3980
was published
Nov 16, 2022
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via...
Critical
Unreviewed
CVE-2021-26703
was published
May 24, 2022
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
Critical
Unreviewed
CVE-2020-35604
was published
May 24, 2022
MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a...
Critical
Unreviewed
CVE-2021-1628
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API