Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. Moderate Unreviewed
CVE-2019-14276 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco... Moderate Unreviewed
CVE-2019-12711 was published May 24, 2022
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable... Moderate Unreviewed
CVE-2019-9488 was published May 24, 2022
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin... Moderate Unreviewed
CVE-2019-15641 was published May 24, 2022
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened... Moderate Unreviewed
CVE-2019-0340 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). Moderate Unreviewed
CVE-2017-18438 was published May 24, 2022
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered... Moderate Unreviewed
CVE-2019-10976 was published May 24, 2022
Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information... Moderate Unreviewed
CVE-2019-1010202 was published May 24, 2022
Intersystems Cache 2017.2.2.865.0 allows XXE. Moderate Unreviewed
CVE-2018-17152 was published May 24, 2022
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE... Moderate Unreviewed
CVE-2019-11519 was published May 24, 2022
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console... Moderate Unreviewed
CVE-2018-17289 was published May 24, 2022
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection... Moderate Unreviewed
CVE-2024-25971 was published Mar 28, 2024
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector Moderate Unreviewed
CVE-2024-31139 was published Mar 28, 2024
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This... Moderate Unreviewed
CVE-2024-2826 was published Mar 22, 2024
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an... Moderate Unreviewed
CVE-2020-8256 was published May 24, 2022
Apache Solr UpdateRequestHandler for XML resolves XML External Entities Moderate
CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
XML external entity expansion in org.apache.solr:solr-core Moderate
CVE-2018-8026 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files Moderate
CVE-2018-8010 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
Moderate severity vulnerability that affects io.vertx:vertx-core Moderate
CVE-2018-12544 was published for io.vertx:vertx-core (Maven) Oct 17, 2018
MarkLee131
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain... Moderate Unreviewed
CVE-2010-3322 was published May 17, 2022
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an... Moderate Unreviewed
CVE-2023-25926 was published Feb 29, 2024
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4... Moderate Unreviewed
CVE-2021-44147 was published Nov 23, 2021
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files... Moderate Unreviewed
CVE-2012-2239 was published May 17, 2022
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3... Moderate Unreviewed
CVE-2012-3489 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database