Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,010
NuGet
720
pip
3,810
Pub
12
RubyGems
930
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

498 advisories

Loading
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity... High Unreviewed
CVE-2021-22140 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack... High Unreviewed
CVE-2020-4300 was published May 24, 2022
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote... High Unreviewed
CVE-2022-3340 was published Nov 4, 2022
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input,... High Unreviewed
CVE-2020-6590 was published May 24, 2022
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform... High Unreviewed
CVE-2021-25165 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML... High Unreviewed
CVE-2021-20492 was published May 24, 2022
An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. High Unreviewed
CVE-2021-30201 was published May 24, 2022
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air... High Unreviewed
CVE-2021-20595 was published May 24, 2022
XML External Entity Reference in org.picketlink:picketlink-common High
CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) May 14, 2022
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data... High Unreviewed
CVE-2019-3752 was published May 24, 2022
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7... High Unreviewed
CVE-2021-22523 was published May 24, 2022
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient... High Unreviewed
CVE-2022-32458 was published Jul 21, 2022
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec... High Unreviewed
CVE-2022-25628 was published Dec 21, 2022
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component... High Unreviewed
CVE-2021-1630 was published May 24, 2022
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). High Unreviewed
CVE-2021-38584 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40356 was published May 24, 2022
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application... High Unreviewed
CVE-2021-30137 was published May 24, 2022
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an... High Unreviewed
CVE-2021-29831 was published May 24, 2022
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE... High Unreviewed
CVE-2021-41770 was published May 24, 2022
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which... High Unreviewed
CVE-2020-19954 was published May 24, 2022
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO... High Unreviewed
CVE-2021-35496 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows... High Unreviewed
CVE-2021-40500 was published May 24, 2022
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote... High Unreviewed
CVE-2021-20838 was published May 24, 2022
An improper restriction of XML external entity reference vulnerability in the parser of XML... High Unreviewed
CVE-2021-36172 was published May 24, 2022
Multiple components in Apache NiFi do not restrict XML External Entity references High
CVE-2022-29265 was published for org.apache.nifi:nifi (Maven) May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database