GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,299
Erlang: 31
GitHub Actions: 21
Go: 2,065
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,425
Pub: 12
RubyGems: 892
Rust: 877
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
240 advisories
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE...
Moderate · Unreviewed · CVE-2019-11519 was published May 24, 2022

An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console...
Moderate · Unreviewed · CVE-2018-17289 was published May 24, 2022

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain...
Moderate · Unreviewed · CVE-2010-3322 was published May 17, 2022

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files...
Moderate · Unreviewed · CVE-2012-2239 was published May 17, 2022

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3...
Moderate · Unreviewed · CVE-2012-3489 was published May 17, 2022

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0...
Moderate · Unreviewed · CVE-2016-0284 was published May 17, 2022

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote...
Moderate · Unreviewed · CVE-2015-7743 was published May 17, 2022

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read...
Moderate · Unreviewed · CVE-2017-6344 was published May 17, 2022

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
Moderate · Unreviewed · CVE-2016-4931 was published May 17, 2022

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML...
Moderate · Unreviewed · CVE-2016-5749 was published May 17, 2022

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access...
Moderate · Unreviewed · CVE-2016-5748 was published May 17, 2022

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity ...
Moderate · Unreviewed · CVE-2017-8056 was published May 17, 2022

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager...
Moderate · Unreviewed · CVE-2017-9295 was published May 17, 2022

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to...
Moderate · Unreviewed · CVE-2017-2308 was published May 17, 2022

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an...
Moderate · Unreviewed · CVE-2016-0254 was published May 17, 2022

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware...
Moderate · Unreviewed · CVE-2017-7907 was published May 17, 2022

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated,...
Moderate · Unreviewed · CVE-2017-3811 was published May 17, 2022

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when...
Moderate · Unreviewed · CVE-2017-1219 was published May 17, 2022

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi...
Moderate · Unreviewed · CVE-2016-7458 was published May 17, 2022

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM...
Moderate · Unreviewed · CVE-2015-0194 was published May 17, 2022

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file...
Moderate · Unreviewed · CVE-2017-7457 was published May 17, 2022

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote...
Moderate · Unreviewed · CVE-2015-3160 was published May 17, 2022

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows...
Moderate · Unreviewed · CVE-2017-8918 was published May 17, 2022

Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,...
Moderate · Unreviewed · CVE-2017-0170 was published May 17, 2022

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access...
Moderate · Unreviewed · CVE-2017-15639 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API