GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,903

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

164 advisories

Filter by severity

Sort by

Least recently updated

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. Critical Unreviewed

CVE-2018-20664 was published May 14, 2022

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed

CVE-2016-6256 was published May 14, 2022

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser... Critical Unreviewed

CVE-2018-1000837 was published May 13, 2022

KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx... Critical Unreviewed

CVE-2018-1000835 was published May 13, 2022

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing... Critical Unreviewed

CVE-2018-1000639 was published May 13, 2022

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. Critical Unreviewed

CVE-2015-9280 was published May 13, 2022

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version... Critical Unreviewed

CVE-2017-3206 was published May 13, 2022

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE)... Critical Unreviewed

CVE-2017-7426 was published May 13, 2022

It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is... Critical Unreviewed

CVE-2017-7464 was published May 13, 2022

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable... Critical Unreviewed

CVE-2017-7465 was published May 13, 2022

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the... Critical Unreviewed

CVE-2018-10600 was published May 13, 2022

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External... Critical Unreviewed

CVE-2018-1727 was published May 13, 2022

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External... Critical Unreviewed

CVE-2018-1821 was published May 13, 2022

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro... Critical Unreviewed

CVE-2018-6486 was published May 13, 2022

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE)... Critical Unreviewed

CVE-2018-1000828 was published May 13, 2022

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2... Critical Unreviewed

CVE-2014-3630 was published May 13, 2022

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8... Critical Unreviewed

CVE-2018-10653 was published May 13, 2022

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway... Critical Unreviewed

CVE-2017-9458 was published May 13, 2022

Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External... Critical Unreviewed

CVE-2016-9924 was published May 13, 2022

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht... Critical Unreviewed

CVE-2017-8110 was published May 13, 2022

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity... Critical Unreviewed

CVE-2016-9180 was published May 13, 2022

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17... Critical Unreviewed

CVE-2018-12463 was published May 13, 2022

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting... Critical Unreviewed

CVE-2017-1000497 was published May 13, 2022

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information,... Critical Unreviewed

CVE-2016-2908 was published May 13, 2022

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and... Critical Unreviewed

CVE-2018-16792 was published May 13, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

164 advisories