GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
461 advisories
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an...
High | Unreviewed | CVE-2017-1149 was published May 17, 2022

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An...
High | Unreviewed | CVE-2016-9181 was published May 17, 2022

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External...
High | Unreviewed | CVE-2016-8974 was published May 17, 2022

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity...
High | Unreviewed | CVE-2016-8980 was published May 17, 2022

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files...
High | Unreviewed | CVE-2016-3033 was published May 17, 2022

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read...
High | Unreviewed | CVE-2016-3055 was published May 17, 2022

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs...
High | Unreviewed | CVE-2021-42537 was published Jul 28, 2022

Access to external entities when parsing XML documents can lead to XML external entity (XXE)...
High | Unreviewed | CVE-2022-2414 was published Jul 30, 2022

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a...
High | Unreviewed | CVE-2022-27873 was published Jul 30, 2022

Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP
High | CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The...
High | Unreviewed | CVE-2022-42301 was published Oct 4, 2022

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection ...
High | Unreviewed | CVE-2022-34348 was published Sep 25, 2022

Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document...
High | Unreviewed | CVE-2016-6408 was published May 17, 2022

Improper Restriction of XML External Entity Reference in DiffPlug Spotless
High | CVE-2019-9843 was published for com.diffplug.spotless:spotless-maven-plugin (Maven) Jul 5, 2019

XML External Entity injection in Apache Camel
High | CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019

XXE vulnerability in Jenkins WebSphere Deployer Plugin
High | CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022

XML External Entity Reference in Jenkins Storable Configs Plugin
High | CVE-2022-30971 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External...
High | Unreviewed | CVE-2019-4513 was published May 24, 2022

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity...
High | Unreviewed | CVE-2019-4340 was published May 24, 2022

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is...
High | Unreviewed | CVE-2019-4424 was published May 24, 2022

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0...
High | Unreviewed | CVE-2019-4433 was published May 24, 2022

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity...
High | Unreviewed | CVE-2019-6179 was published May 24, 2022

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection...
High | Unreviewed | CVE-2022-36773 was published Sep 2, 2022

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter...
High | Unreviewed | CVE-2022-29801 was published May 21, 2022

XML External Entity Reference in Jenkins Recipe Plugin
High | CVE-2022-34793 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022