Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

447 advisories

Loading
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2019-14693 was published May 24, 2022
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through... High Unreviewed
CVE-2019-13176 was published May 24, 2022
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly... High Unreviewed
CVE-2018-14383 was published May 24, 2022
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator... High Unreviewed
CVE-2019-10264 was published May 24, 2022
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of... High Unreviewed
CVE-2019-10266 was published May 24, 2022
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of... High Unreviewed
CVE-2019-7847 was published May 24, 2022
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files... High Unreviewed
CVE-2019-13358 was published May 24, 2022
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification... High Unreviewed
CVE-2019-13031 was published May 24, 2022
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of... High Unreviewed
CVE-2018-20843 was published May 24, 2022
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. High Unreviewed
CVE-2019-11392 was published May 24, 2022
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to... High Unreviewed
CVE-2019-10718 was published May 24, 2022
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4... High Unreviewed
CVE-2019-3722 was published May 24, 2022
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12... High Unreviewed
CVE-2019-8999 was published May 24, 2022
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6... High Unreviewed
CVE-2014-5238 was published May 17, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur... High Unreviewed
CVE-2020-9352 was published May 24, 2022
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2024-27266 was published Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. High Unreviewed
CVE-2023-50168 was published Mar 14, 2024
Improper Restriction of XML External Entity Reference in iText High
CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) May 13, 2022
AndrzejBiernacki2010
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
There is a XML external entity expansion (XXE) vulnerability in Apache Solr High
CVE-2018-1308 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
HuTool XML parsing module has blind XXE vulnerability High
CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Improper Restriction of XML External Entity Reference in Spring Framework High
CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and... High Unreviewed
CVE-2024-25606 was published Feb 20, 2024
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed
CVE-2022-42745 was published Nov 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database