GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
461 advisories
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before...
High | Unreviewed | CVE-2017-18111 was published May 14, 2022

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
High | Unreviewed | CVE-2019-3481 was published May 14, 2022

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.
High | Unreviewed | CVE-2017-1000021 was published May 14, 2022

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or...
High | Unreviewed | CVE-2019-9761 was published May 14, 2022

An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x...
High | Unreviewed | CVE-2017-5828 was published May 14, 2022

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against...
High | Unreviewed | CVE-2018-19858 was published May 14, 2022

Improper Restriction of XML External Entity Reference in PMD
High | CVE-2019-7722 was published for net.sourceforge.pmd:pmd-core (Maven) May 14, 2022

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability...
High | Unreviewed | CVE-2018-1000889 was published May 14, 2022

In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain...
High | Unreviewed | CVE-2018-7063 was published May 14, 2022

BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
High | Unreviewed | CVE-2018-20733 was published May 14, 2022

An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous...
High | Unreviewed | CVE-2018-7837 was published May 14, 2022

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option...
High | Unreviewed | CVE-2018-19244 was published May 14, 2022

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network...
High | Unreviewed | CVE-2018-18980 was published May 14, 2022

LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE)...
High | Unreviewed | CVE-2018-16166 was published May 14, 2022

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE)...
High | Unreviewed | CVE-2018-20157 was published May 14, 2022

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string....
High | Unreviewed | CVE-2018-18737 was published May 14, 2022

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external...
High | Unreviewed | CVE-2018-12243 was published May 14, 2022

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is...
High | Unreviewed | CVE-2018-18659 was published May 14, 2022

Apache XML-RPC XXE Vulnerability
High | CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2018-8494 was published May 14, 2022

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to...
High | Unreviewed | CVE-2018-12585 was published May 14, 2022

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser...
High | Unreviewed | CVE-2018-8420 was published May 14, 2022

XML External Entity Reference in Apache Cayenne
High | CVE-2018-11758 was published for org.apache.cayenne:cayenne-parent (Maven) May 14, 2022

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service ...
High | Unreviewed | CVE-2018-16303 was published May 14, 2022

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read...
High | Unreviewed | CVE-2016-7459 was published May 14, 2022