Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and... Critical Unreviewed
CVE-2016-7460 was published May 17, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed
CVE-2021-45981 was published Jun 3, 2022
Improper Restriction of XML External Entity Reference in Stanford CoreNLP Critical
CVE-2021-3878 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that... Critical Unreviewed
CVE-2022-28219 was published Apr 6, 2022
Improper Restriction of XML External Entity Reference in Liquibase Critical
CVE-2022-0839 was published for org.liquibase:liquibase-core (Maven) Mar 5, 2022
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for rg.mule.modules:mule-apikit-module (Maven) May 24, 2022
dom4j allows External Entities by default which might enable XXE attacks Critical
CVE-2020-10683 was published for dom4j:dom4j (Maven) Jun 5, 2020
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP Critical
CVE-2017-12620 was published for org.apache.opennlp:opennlp-tools (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Apace Derby Critical
CVE-2015-1832 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in soa-model Critical
CVE-2021-43090 was published for com.predic8:soa-model-core (Maven) Mar 26, 2022
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected... Critical Unreviewed
CVE-2022-22795 was published Mar 11, 2022
exist-db:exist-core XML External Entity (XXE) vulnerability Critical
CVE-2018-1000823 was published for org.exist-db:exist-core (Maven) Dec 20, 2018
XML External Entity (XXE) vulnerability in bw-calendar-engine Critical
CVE-2018-1000836 was published for org.bedework.caleng:bw-calendar-engine (Maven) Dec 20, 2018
XML External Entity Reference in mchange:c3p0 Critical
CVE-2018-20433 was published for com.mchange:c3p0 (Maven) Jan 7, 2019
Eclipse RDF4j vulnerable to XML External Entitiy Critical
CVE-2018-1000644 was published for org.eclipse.rdf4j:rdf4j-runtime (Maven) Oct 19, 2018
XML External Entity (XXE) vulnerability in Square Retrofit Critical
CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Critical
CVE-2018-15531 was published for net.bull.javamelody:javamelody-core (Maven) Oct 17, 2018
jackson-dataformat-xml vulnerable to XML external entity (XXE) Critical
CVE-2016-3720 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database