Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

320 advisories

Loading
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A... Moderate Unreviewed
CVE-2023-20052 was published Mar 1, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
GHSA-9vx8-f5c4-862x was published for org.neo4j.procedure:apoc (Maven) Feb 24, 2023
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver... Moderate Unreviewed
CVE-2023-26267 was published Feb 21, 2023
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
CVE-2023-23926 was published for org.neo4j.procedure:apoc-core (Maven) Feb 16, 2023
Lojjs
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX... Moderate Unreviewed
CVE-2023-22322 was published Jan 30, 2023
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic.... Moderate Unreviewed
CVE-2022-4818 was published Dec 28, 2022
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line... Moderate Unreviewed
CVE-2022-37911 was published Dec 12, 2022
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom... Moderate Unreviewed
CVE-2022-46827 was published Dec 8, 2022
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2... Moderate Unreviewed
CVE-2022-45326 was published Dec 6, 2022
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External... Moderate Unreviewed
CVE-2022-40771 was published Nov 23, 2022
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
NotMyFault
XML External Entity Reference in Jenkins Violations Plugin Moderate
CVE-2022-45386 was published for org.jenkins-ci.plugins:violations (Maven) Nov 16, 2022
NotMyFault
A vulnerability in the module import function of the administrative interface of Cisco Firepower... Moderate Unreviewed
CVE-2022-20938 was published Nov 16, 2022
Concrete CMS vulnerable to XML External Entity Moderate
CVE-2022-43689 was published for concrete5/concrete5 (Composer) Nov 15, 2022
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed
CVE-2022-45194 was published Nov 12, 2022
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform... Moderate Unreviewed
CVE-2022-43570 was published Nov 5, 2022
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an... Moderate Unreviewed
CVE-2022-3338 was published Oct 18, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an... Moderate Unreviewed
CVE-2022-38419 was published Oct 15, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2022-41241 was published for net.praqma:rqm-plugin (Maven) Sep 22, 2022
NotMyFault
Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ... Moderate Unreviewed
CVE-2022-38342 was published Sep 14, 2022
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows... Moderate Unreviewed
CVE-2022-2330 was published Aug 31, 2022
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling... Moderate Unreviewed
CVE-2022-2838 was published Aug 17, 2022
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's... Moderate Unreviewed
CVE-2020-14379 was published Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database