GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
461 advisories

Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
High. CVE-2016-8739 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted...
High, Unreviewed. CVE-2017-1000061 was published May 13, 2022

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote...
High, Unreviewed. CVE-2017-8913 was published May 13, 2022

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents...
High, Unreviewed. CVE-2018-2492 was published May 13, 2022

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15...
High, Unreviewed. CVE-2018-13823 was published May 13, 2022

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to...
High, Unreviewed. CVE-2013-1915 was published May 13, 2022

Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data...
High, Unreviewed. CVE-2018-11048 was published May 13, 2022

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE...
High, Unreviewed. CVE-2017-1477 was published May 13, 2022

Improper Restriction of XML External Entity Reference in iText
High. CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) May 13, 2022

Improper Restriction of XML External Entity Reference in Apache Batik
High. CVE-2017-5662 was published for org.apache.xmlgraphics:batik (Maven) May 13, 2022

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have...
High, Unreviewed. CVE-2018-4942 was published May 13, 2022

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4...
High, Unreviewed. CVE-2017-11286 was published May 13, 2022

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update...
High, Unreviewed. CVE-2016-4264 was published May 13, 2022

IBM Sterling B2B Integrator Standard Edition 5.2.0 and 6.0.0.0 is vulnerable to an XML External...
High, Unreviewed. CVE-2019-4043 was published May 13, 2022

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis...
High, Unreviewed. CVE-2019-10244 was published May 13, 2022

IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity...
High, Unreviewed. CVE-2018-2019 was published May 13, 2022

SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document...
High, Unreviewed. CVE-2018-2401 was published May 13, 2022

IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack...
High, Unreviewed. CVE-2018-1970 was published May 13, 2022

IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection...
High, Unreviewed. CVE-2018-1920 was published May 13, 2022

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity...
High, Unreviewed. CVE-2018-1905 was published May 13, 2022

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE...
High, Unreviewed. CVE-2018-1844 was published May 13, 2022

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable...
High, Unreviewed. CVE-2018-1846 was published May 13, 2022

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity...
High, Unreviewed. CVE-2018-1835 was published May 13, 2022

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity...
High, Unreviewed. CVE-2018-1747 was published May 13, 2022

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when...
High, Unreviewed. CVE-2018-1730 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API