Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,044
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

357 advisories

Loading
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file... Moderate Unreviewed
CVE-2017-7457 was published May 17, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack Moderate
CVE-2011-4107 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote... Moderate Unreviewed
CVE-2015-3160 was published May 17, 2022
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows... Moderate Unreviewed
CVE-2017-8918 was published May 17, 2022
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,... Moderate Unreviewed
CVE-2017-0170 was published May 17, 2022
Umbraco CMS XXE Vulnerability Moderate
CVE-2017-15280 was published for UmbracoCms.Web (NuGet) May 17, 2022
XML External Entity Reference in Apache NiFi Moderate
CVE-2017-12623 was published for org.apache.nifi:nifi (Maven) May 17, 2022
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access... Moderate Unreviewed
CVE-2017-15639 was published May 17, 2022
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml... Moderate Unreviewed
CVE-2017-9095 was published May 17, 2022
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks... Moderate Unreviewed
CVE-2017-10889 was published May 17, 2022
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7... Moderate Unreviewed
CVE-2016-0219 was published May 14, 2022
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL... Moderate Unreviewed
CVE-2017-14699 was published May 14, 2022
A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control... Moderate Unreviewed
CVE-2018-3600 was published May 14, 2022
XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6... Moderate Unreviewed
CVE-2016-0369 was published May 14, 2022
XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH... Moderate Unreviewed
CVE-2016-0268 was published May 14, 2022
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5... Moderate Unreviewed
CVE-2018-6225 was published May 14, 2022
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3... Moderate Unreviewed
CVE-2016-0250 was published May 14, 2022
The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for... Moderate Unreviewed
CVE-2018-5758 was published May 14, 2022
Digital Guardian Management Console 7.1.2.0015 has an XXE issue. Moderate Unreviewed
CVE-2018-10175 was published May 14, 2022
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp... Moderate Unreviewed
CVE-2018-10832 was published May 14, 2022
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Moderate Unreviewed
CVE-2018-11719 was published May 14, 2022
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)... Moderate Unreviewed
CVE-2018-8533 was published May 14, 2022
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)... Moderate Unreviewed
CVE-2018-8527 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database