GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2...
Moderate
Unreviewed
CVE-2022-45326
was published
Dec 6, 2022
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External...
Moderate
Unreviewed
CVE-2022-40771
was published
Nov 23, 2022
XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate
CVE-2022-45396
was published
for
com.thalesgroup.hudson.plugins:sourcemonitor
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate
CVE-2022-45397
was published
for
org.jenkins-ci:update-center2
(Maven)
Nov 16, 2022
XML External Entity Reference in Jenkins Violations Plugin
Moderate
CVE-2022-45386
was published
for
org.jenkins-ci.plugins:violations
(Maven)
Nov 16, 2022
A vulnerability in the module import function of the administrative interface of Cisco Firepower...
Moderate
Unreviewed
CVE-2022-20938
was published
Nov 16, 2022
Concrete CMS vulnerable to XML External Entity
Moderate
CVE-2022-43689
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash...
Moderate
Unreviewed
CVE-2022-45194
was published
Nov 12, 2022
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform...
Moderate
Unreviewed
CVE-2022-43570
was published
Nov 5, 2022
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an...
Moderate
Unreviewed
CVE-2022-3338
was published
Oct 18, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an...
Moderate
Unreviewed
CVE-2022-38419
was published
Oct 15, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ...
Moderate
Unreviewed
CVE-2022-38342
was published
Sep 14, 2022
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows...
Moderate
Unreviewed
CVE-2022-2330
was published
Aug 31, 2022
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling...
Moderate
Unreviewed
CVE-2022-2838
was published
Aug 17, 2022
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's...
Moderate
Unreviewed
CVE-2020-14379
was published
Aug 17, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference
Moderate
GHSA-7r9x-qrpr-3cxw
was published
for
mofh
(pip)
Aug 11, 2022
Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
Moderate
Unreviewed
CVE-2022-34001
was published
Jul 20, 2022
XML External Entity Reference in Eclipse Lyo
Moderate
CVE-2021-41042
was published
for
org.eclipse.lyo:lyo-parent
(Maven)
Jul 8, 2022
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2014-3599
was published
for
org.hornetq.rest:hornetq-rest
(Maven)
May 24, 2022
XXE vulnerability in Jenkins pom2config Plugin
Moderate
CVE-2021-43576
was published
for
org.jenkins-ci.plugins:pom2config
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Performance Plugin
Moderate
CVE-2021-21701
was published
for
org.jenkins-ci.plugins:performance
(Maven)
May 24, 2022
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote...
Moderate
Unreviewed
CVE-2021-20839
was published
May 24, 2022
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML...
Moderate
Unreviewed
CVE-2021-20801
was published
May 24, 2022
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE...
Moderate
Unreviewed
CVE-2021-40439
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API