GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
316 advisories
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the...
High | Unreviewed | CVE-2021-33950 was published Feb 17, 2023

Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection...
High | Unreviewed | CVE-2023-24323 was published Feb 9, 2023

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:...
High | Unreviewed | CVE-2023-21862 was published Jan 18, 2023

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
High | Unreviewed | CVE-2023-22624 was published Jan 17, 2023

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A...
High | Unreviewed | CVE-2023-23595 was published Jan 15, 2023

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec...
High | Unreviewed | CVE-2022-25628 was published Dec 21, 2022

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote...
High | Unreviewed | CVE-2022-47514 was published Dec 18, 2022

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can...
High | Unreviewed | CVE-2022-40304 was published Nov 23, 2022

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote...
High | Unreviewed | CVE-2022-3340 was published Nov 4, 2022

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High | Unreviewed | CVE-2022-42745 was published Nov 4, 2022

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an...
High | Unreviewed | CVE-2022-42341 was published Oct 15, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The...
High | Unreviewed | CVE-2022-42301 was published Oct 4, 2022

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection ...
High | Unreviewed | CVE-2022-34348 was published Sep 25, 2022

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection...
High | Unreviewed | CVE-2022-36773 was published Sep 2, 2022

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by...
High | Unreviewed | CVE-2022-2759 was published Sep 1, 2022

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus...
High | Unreviewed | CVE-2020-21641 was published Aug 16, 2022

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with...
High | Unreviewed | CVE-2022-2458 was published Aug 11, 2022

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a...
High | Unreviewed | CVE-2022-27873 was published Jul 30, 2022

Access to external entities when parsing XML documents can lead to XML external entity (XXE)...
High | Unreviewed | CVE-2022-2414 was published Jul 30, 2022

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs...
High | Unreviewed | CVE-2021-42537 was published Jul 28, 2022

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient...
High | Unreviewed | CVE-2022-32458 was published Jul 21, 2022

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML...
High | Unreviewed | CVE-2022-22358 was published Jul 20, 2022

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker...
High | Unreviewed | CVE-2022-35168 was published Jul 13, 2022

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system...
High | Unreviewed | CVE-2021-40510 was published Jun 22, 2022

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <...
High | Unreviewed | CVE-2022-32285 was published Jun 15, 2022