GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
497 advisories
perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An...
High | Unreviewed | CVE-2016-9181 was published May 17, 2022

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an...
High | Unreviewed | CVE-2017-1149 was published May 17, 2022

XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access...
High | Unreviewed | CVE-2016-10097 was published May 17, 2022

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML...
High | Unreviewed | CVE-2022-22358 was published Jul 20, 2022

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity...
High | Unreviewed | CVE-2016-9707 was published May 17, 2022

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity...
High | Unreviewed | CVE-2017-1103 was published May 17, 2022

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External...
High | Unreviewed | CVE-2016-6059 was published May 17, 2022

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection ...
High | Unreviewed | CVE-2016-9724 was published May 17, 2022

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused...
High | Unreviewed | CVE-2016-9691 was published May 17, 2022

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External...
High | Unreviewed | CVE-2016-9698 was published May 17, 2022

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3...
High | Unreviewed | CVE-2017-9231 was published May 17, 2022

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when...
High | Unreviewed | CVE-2017-1254 was published May 17, 2022

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker...
High | Unreviewed | CVE-2022-35168 was published Jul 13, 2022

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when...
High | Unreviewed | CVE-2017-1322 was published May 17, 2022

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system...
High | Unreviewed | CVE-2021-40510 was published Jun 22, 2022

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <...
High | Unreviewed | CVE-2022-32285 was published Jun 15, 2022

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access...
High | Unreviewed | CVE-2022-31447 was published Jun 15, 2022

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if...
High | Unreviewed | CVE-2017-11390 was published May 17, 2022

XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers...
High | Unreviewed | CVE-2010-2245 was published May 17, 2022

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful...
High | Unreviewed | CVE-2022-31261 was published May 25, 2022

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)...
High | Unreviewed | CVE-2022-22977 was published May 25, 2022

Improper Restriction of XML External Entity Reference in Stanford CoreNLP
High | CVE-2021-3869 was published for edu.stanford.nlp:stanford-corenlp (Maven) May 24, 2022

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High | Unreviewed | CVE-2020-25257 was published May 24, 2022

Improper Restriction of XML External Entity Reference in Apache Solr
High | CVE-2012-6612 was published for org.apache.solr:solr-core (Maven) May 17, 2022

MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
High | CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022