GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
238 advisories
Filter by severity
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4...
Moderate
Unreviewed
CVE-2021-44147
was published
Nov 23, 2021
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
Moderate
Unreviewed
CVE-2021-3836
was published
Dec 15, 2021
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a...
Moderate
Unreviewed
CVE-2021-45096
was published
Dec 17, 2021
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file...
Moderate
Unreviewed
CVE-2021-44028
was published
Dec 23, 2021
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14...
Moderate
Unreviewed
CVE-2022-23031
was published
Jan 26, 2022
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the...
Moderate
Unreviewed
CVE-2022-22835
was published
Mar 11, 2022
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10...
Moderate
Unreviewed
CVE-2022-0861
was published
Mar 24, 2022
When opening a malicious solution file provided by an attacker, the application suffers from an...
Moderate
Unreviewed
CVE-2022-1018
was published
Apr 3, 2022
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
Moderate
Unreviewed
CVE-2022-0221
was published
Apr 14, 2022
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted...
Moderate
Unreviewed
CVE-2021-43990
was published
Apr 21, 2022
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML...
Moderate
Unreviewed
CVE-2016-9563
was published
Apr 30, 2022
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to...
Moderate
Unreviewed
CVE-2005-1306
was published
May 1, 2022
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references...
Moderate
Unreviewed
CVE-2022-1331
was published
May 4, 2022
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice...
Moderate
Unreviewed
CVE-2012-0037
was published
May 4, 2022
Talend Administration Center has a vulnerability that allows an authenticated user to use XML...
Moderate
Unreviewed
CVE-2022-29943
was published
May 5, 2022
expat 2.1.0 and earlier does not properly handle entities expansion unless an application...
Moderate
Unreviewed
CVE-2013-0340
was published
May 5, 2022
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x...
Moderate
Unreviewed
CVE-2017-8040
was published
May 13, 2022
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows...
Moderate
Unreviewed
CVE-2017-11457
was published
May 13, 2022
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote...
Moderate
Unreviewed
CVE-2018-10077
was published
May 13, 2022
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML...
Moderate
Unreviewed
CVE-2016-3027
was published
May 13, 2022
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior...
Moderate
Unreviewed
CVE-2018-0218
was published
May 13, 2022
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior...
Moderate
Unreviewed
CVE-2018-0207
was published
May 13, 2022
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option...
Moderate
Unreviewed
CVE-2015-3451
was published
May 13, 2022
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network...
Moderate
Unreviewed
CVE-2019-1698
was published
May 13, 2022
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows...
Moderate
Unreviewed
CVE-2018-6670
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API