GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
246 advisories
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
Critical • CVE-2021-46849 was published for pikepdf (pip) Oct 24, 2022 • withdrawn

Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical • CVE-2022-23640 was published for com.monitorjbl:xlsx-streamer (Maven) Mar 2, 2022

XXE attack in Mapfish Print
Critical • CVE-2020-15232 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020

XML External Entity Reference (XXE) in jackson-databind
Critical • CVE-2018-14720 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML...
Critical • Unreviewed • CVE-2023-28151 was published Mar 24, 2023

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external...
Critical • Unreviewed • CVE-2023-28150 was published Mar 25, 2023

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external...
Critical • Unreviewed • CVE-2023-28152 was published Mar 24, 2023

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE...
Critical • Unreviewed • CVE-2023-1288 was published Mar 9, 2023

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary...
Critical • Unreviewed • CVE-2023-24189 was published Feb 25, 2023

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects...
Critical • Unreviewed • CVE-2015-10082 was published Feb 21, 2023

An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0...
Critical • Unreviewed • CVE-2022-39954 was published Feb 16, 2023

XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09.
Critical • Unreviewed • CVE-2022-45588 was published Feb 3, 2023

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable...
Critical • Unreviewed • CVE-2017-7465 was published May 13, 2022

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity...
Critical • Unreviewed • CVE-2022-38389 was published Feb 3, 2023

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity...
Critical • Unreviewed • CVE-2022-22486 was published Feb 3, 2023

Improper Restriction of XML External Entity Reference in Jelly
Critical • CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) May 17, 2022

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).
Critical • Unreviewed • CVE-2022-47873 was published Feb 1, 2023

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Critical • CVE-2023-24429 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023

Improper Restriction of XML External Entity Reference in Any23
Critical • CVE-2022-25312 was published for org.apache.any23:apache-any23 (Maven) Mar 6, 2022

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was...
Critical • Unreviewed • CVE-2022-24340 was published Feb 26, 2022

XML External Entity Reference in Hazelcast
Critical • CVE-2022-0265 was published for com.hazelcast:hazelcast (Maven) Mar 4, 2022

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.
Critical • Unreviewed • CVE-2021-46660 was published Jan 31, 2022

corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical • CVE-2022-0239 was published for edu.stanford.nlp:stanford-corenlp (Maven) Jan 21, 2022

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML...
Critical • Unreviewed • CVE-2021-40722 was published Jan 14, 2022

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ...
Critical • Unreviewed • CVE-2017-14759 was published May 17, 2022