GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
447 advisories
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE)...
High | Unreviewed | CVE-2019-14693 was published May 24, 2022
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through...
High | Unreviewed | CVE-2019-13176 was published May 24, 2022
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly...
High | Unreviewed | CVE-2018-14383 was published May 24, 2022
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator...
High | Unreviewed | CVE-2019-10264 was published May 24, 2022
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of...
High | Unreviewed | CVE-2019-10266 was published May 24, 2022
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of...
High | Unreviewed | CVE-2019-7847 was published May 24, 2022
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files...
High | Unreviewed | CVE-2019-13358 was published May 24, 2022
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification...
High | Unreviewed | CVE-2019-13031 was published May 24, 2022
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of...
High | Unreviewed | CVE-2018-20843 was published May 24, 2022
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
High | Unreviewed | CVE-2019-11392 was published May 24, 2022
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to...
High | Unreviewed | CVE-2019-10718 was published May 24, 2022
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4...
High | Unreviewed | CVE-2019-3722 was published May 24, 2022
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12...
High | Unreviewed | CVE-2019-8999 was published May 24, 2022
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6...
High | Unreviewed | CVE-2014-5238 was published May 17, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur...
High | Unreviewed | CVE-2020-9352 was published May 24, 2022
XML External Entity (XXE) Injection in Jackson Databind
High | CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)...
High | Unreviewed | CVE-2024-27266 was published Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
High | Unreviewed | CVE-2023-50168 was published Mar 14, 2024
Improper Restriction of XML External Entity Reference in iText
High | CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High | CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High | CVE-2018-1308 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
HuTool XML parsing module has blind XXE vulnerability
High | CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023
Improper Restriction of XML External Entity Reference in Spring Framework
High | CVE-2014-0225 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and...
High | Unreviewed | CVE-2024-25606 was published Feb 20, 2024
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High | Unreviewed | CVE-2022-42745 was published Nov 4, 2022