GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
240 advisories
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge...
Moderate
Unreviewed
CVE-2020-28387
was published
May 24, 2022
A remote authenticated XML external entity (XXE) vulnerability was discovered in...
Moderate
Unreviewed
CVE-2021-26969
was published
May 24, 2022
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office,...
Moderate
Unreviewed
CVE-2021-21470
was published
May 24, 2022
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization ...
Moderate
Unreviewed
CVE-2020-26981
was published
May 24, 2022
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE...
Moderate
Unreviewed
CVE-2020-4606
was published
May 24, 2022
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to...
Moderate
Unreviewed
CVE-2020-29436
was published
May 24, 2022
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists...
Moderate
Unreviewed
CVE-2020-35123
was published
May 24, 2022
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used...
Moderate
Unreviewed
CVE-2020-26513
was published
May 24, 2022
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated...
Moderate
Unreviewed
CVE-2020-7032
was published
May 24, 2022
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an...
Moderate
Unreviewed
CVE-2020-8256
was published
May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF...
Moderate
Unreviewed
CVE-2020-15772
was published
May 24, 2022
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Moderate
Unreviewed
CVE-2020-24379
was published
May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates....
Moderate
Unreviewed
CVE-2020-24591
was published
May 24, 2022
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files...
Moderate
Unreviewed
CVE-2019-17637
was published
May 24, 2022
Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an...
Moderate
Unreviewed
CVE-2020-12025
was published
May 24, 2022
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the...
Moderate
Unreviewed
CVE-2020-6238
was published
May 24, 2022
WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body.
Moderate
Unreviewed
CVE-2019-14276
was published
May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco...
Moderate
Unreviewed
CVE-2019-12711
was published
May 24, 2022
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable...
Moderate
Unreviewed
CVE-2019-9488
was published
May 24, 2022
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin...
Moderate
Unreviewed
CVE-2019-15641
was published
May 24, 2022
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened...
Moderate
Unreviewed
CVE-2019-0340
was published
May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
Moderate
Unreviewed
CVE-2017-18438
was published
May 24, 2022
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered...
Moderate
Unreviewed
CVE-2019-10976
was published
May 24, 2022
Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information...
Moderate
Unreviewed
CVE-2019-1010202
was published
May 24, 2022
Intersystems Cache 2017.2.2.865.0 allows XXE.
Moderate
Unreviewed
CVE-2018-17152
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.