Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp... Moderate Unreviewed
CVE-2018-10832 was published May 14, 2022
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Moderate Unreviewed
CVE-2018-11719 was published May 14, 2022
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)... Moderate Unreviewed
CVE-2018-8533 was published May 14, 2022
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)... Moderate Unreviewed
CVE-2018-8527 was published May 14, 2022
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)... Moderate Unreviewed
CVE-2018-8532 was published May 14, 2022
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that... Moderate Unreviewed
CVE-2018-19371 was published May 14, 2022
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote... Moderate Unreviewed
CVE-2018-20298 was published May 14, 2022
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows... Moderate Unreviewed
CVE-2018-20233 was published May 14, 2022
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE)... Moderate Unreviewed
CVE-2018-1000840 was published May 14, 2022
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a... Moderate Unreviewed
CVE-2019-0265 was published May 14, 2022
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML... Moderate Unreviewed
CVE-2019-0277 was published May 14, 2022
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML... Moderate Unreviewed
CVE-2018-1000069 was published May 14, 2022
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows... Moderate Unreviewed
CVE-2017-8557 was published May 14, 2022
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from... Moderate Unreviewed
CVE-2017-18110 was published May 14, 2022
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of... Moderate Unreviewed
CVE-2019-8997 was published May 14, 2022
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML... Moderate Unreviewed
CVE-2019-0284 was published May 14, 2022
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read... Moderate Unreviewed
CVE-2013-1824 was published May 14, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj Moderate
CVE-2017-15691 was published for org.apache.uima:uimafit-core (Maven) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2682 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2681 was published for zendframework/zendframework1 (Composer) May 14, 2022
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2... Moderate Unreviewed
CVE-2017-8710 was published May 13, 2022
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access... Moderate Unreviewed
CVE-2017-3839 was published May 13, 2022
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ... Moderate Unreviewed
CVE-2017-3548 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database