Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

326 advisories

Loading
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Moderate Unreviewed
CVE-2020-24379 was published May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed
CVE-2020-24591 was published May 24, 2022
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files... Moderate Unreviewed
CVE-2019-17637 was published May 24, 2022
Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an... Moderate Unreviewed
CVE-2020-12025 was published May 24, 2022
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the... Moderate Unreviewed
CVE-2020-6238 was published May 24, 2022
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2019-12415 was published for org.apache.poi:poi (Maven) May 24, 2022
WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. Moderate Unreviewed
CVE-2019-14276 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco... Moderate Unreviewed
CVE-2019-12711 was published May 24, 2022
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable... Moderate Unreviewed
CVE-2019-9488 was published May 24, 2022
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin... Moderate Unreviewed
CVE-2019-15641 was published May 24, 2022
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened... Moderate Unreviewed
CVE-2019-0340 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). Moderate Unreviewed
CVE-2017-18438 was published May 24, 2022
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered... Moderate Unreviewed
CVE-2019-10976 was published May 24, 2022
Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information... Moderate Unreviewed
CVE-2019-1010202 was published May 24, 2022
Intersystems Cache 2017.2.2.865.0 allows XXE. Moderate Unreviewed
CVE-2018-17152 was published May 24, 2022
Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response Moderate
CVE-2019-10309 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE... Moderate Unreviewed
CVE-2019-11519 was published May 24, 2022
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console... Moderate Unreviewed
CVE-2018-17289 was published May 24, 2022
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain... Moderate Unreviewed
CVE-2010-3322 was published May 17, 2022
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files... Moderate Unreviewed
CVE-2012-2239 was published May 17, 2022
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3... Moderate Unreviewed
CVE-2012-3489 was published May 17, 2022
SOAPpy vulnerable to XML External Entity attacks Moderate
CVE-2014-3242 was published for SOAPpy (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database