GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
474 advisories
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection ...
High
Unreviewed
CVE-2016-9724 was published May 17, 2022
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External...
High
Unreviewed
CVE-2016-8974 was published May 17, 2022
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity...
High
Unreviewed
CVE-2016-8980 was published May 17, 2022
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External...
High
Unreviewed
CVE-2016-6059 was published May 17, 2022
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access...
High
Unreviewed
CVE-2016-10097 was published May 17, 2022
getID3 is vulnerable to XML External Entity (XXE)
High
CVE-2014-2053 was published for james-heinrich/getid3 (Composer) May 17, 2022
perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An...
High
Unreviewed
CVE-2016-9181 was published May 17, 2022
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files...
High
Unreviewed
CVE-2016-3033 was published May 17, 2022
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read...
High
Unreviewed
CVE-2016-3055 was published May 17, 2022
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document...
High
Unreviewed
CVE-2016-6408 was published May 17, 2022
Improper Restriction of XML External Entity Reference in Apache Solr
High
CVE-2012-6612 was published for org.apache.solr:solr-core (Maven) May 17, 2022
Zend Framework XXE Vulnerability
High
CVE-2012-3363 was published for zendframework/zendframework1 (Composer) May 17, 2022
CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references
High
CVE-2012-4399 was published for cakephp/cakephp (Composer) May 17, 2022
jersey: XXE via parameter entities not disabled by the jersey SAX parser
High
Unreviewed
CVE-2014-3643 was published May 17, 2022
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6...
High
Unreviewed
CVE-2014-5238 was published May 17, 2022
XML External Entity Reference in Jenkins Storable Configs Plugin
High
CVE-2022-30971 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter...
High
Unreviewed
CVE-2022-29801 was published May 21, 2022
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12...
High
Unreviewed
CVE-2019-8999 was published May 24, 2022
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote...
High
Unreviewed
CVE-2018-17169 was published May 24, 2022
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2019-4208 was published May 24, 2022
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4...
High
Unreviewed
CVE-2019-3722 was published May 24, 2022
Improper Restriction of XML External Entity Reference in Jenkins Token Macro Plugin
High
CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) May 24, 2022
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2018-1845 was published May 24, 2022
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to...
High
Unreviewed
CVE-2019-10718 was published May 24, 2022
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
High
Unreviewed
CVE-2019-11392 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.