Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Loading
UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser... Critical Unreviewed
CVE-2018-1000837 was published May 13, 2022
SimpleXML vulnerable to XML External Entity (XXE) Critical
CVE-2017-1000190 was published for org.simpleframework:simple-xml (Maven) May 14, 2022
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed
CVE-2016-6256 was published May 14, 2022
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. Critical Unreviewed
CVE-2018-20664 was published May 14, 2022
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML... Critical Unreviewed
CVE-2014-0030 was published May 14, 2022
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows... Critical Unreviewed
CVE-2014-3990 was published May 14, 2022
XXE issue in Airsonic before 10.1.2 during parse. Critical Unreviewed
CVE-2018-20222 was published May 14, 2022
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed
CVE-2019-5918 was published May 14, 2022
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2018-9116 was published May 14, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man... Critical Unreviewed
CVE-2018-1000829 was published May 14, 2022
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 Critical Unreviewed
CVE-2018-15362 was published May 14, 2022
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Critical Unreviewed
CVE-2019-5748 was published May 14, 2022
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the... Critical Unreviewed
CVE-2018-20318 was published May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed
CVE-2018-1000825 was published May 14, 2022
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser... Critical Unreviewed
CVE-2018-1000830 was published May 14, 2022
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability... Critical Unreviewed
CVE-2018-1000821 was published May 14, 2022
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response... Critical Unreviewed
CVE-2018-1000831 was published May 14, 2022
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed
CVE-2018-1000834 was published May 14, 2022
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML... Critical Unreviewed
CVE-2018-1000838 was published May 14, 2022
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE)... Critical Unreviewed
CVE-2018-15805 was published May 14, 2022
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1... Critical Unreviewed
CVE-2018-17411 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database