GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
721 advisories
Filter by severity
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4...
Moderate
Unreviewed
CVE-2021-44147
was published
Nov 23, 2021
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.
High
Unreviewed
CVE-2021-42776
was published
Dec 2, 2021
National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is...
Critical
Unreviewed
CVE-2021-44557
was published
Dec 9, 2021
National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected...
Critical
Unreviewed
CVE-2021-44556
was published
Dec 9, 2021
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
Moderate
Unreviewed
CVE-2021-3836
was published
Dec 15, 2021
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a...
Moderate
Unreviewed
CVE-2021-45096
was published
Dec 17, 2021
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file...
Moderate
Unreviewed
CVE-2021-44028
was published
Dec 23, 2021
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG"...
High
Unreviewed
CVE-2021-42560
was published
Jan 13, 2022
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML...
Critical
Unreviewed
CVE-2021-40722
was published
Jan 14, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2020-4875
was published
Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity...
High
Unreviewed
CVE-2020-4876
was published
Jan 22, 2022
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14...
Moderate
Unreviewed
CVE-2022-23031
was published
Jan 26, 2022
Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.
Critical
Unreviewed
CVE-2021-46660
was published
Jan 31, 2022
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before...
High
Unreviewed
CVE-2022-21220
was published
Feb 11, 2022
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R)...
High
Unreviewed
CVE-2022-21205
was published
Feb 11, 2022
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly...
High
Unreviewed
CVE-2020-14478
was published
Feb 25, 2022
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was...
Critical
Unreviewed
CVE-2022-24340
was published
Feb 26, 2022
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the...
Moderate
Unreviewed
CVE-2022-22835
was published
Mar 11, 2022
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected...
Critical
Unreviewed
CVE-2022-22795
was published
Mar 11, 2022
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's...
High
Unreviewed
CVE-2021-42194
was published
Mar 22, 2022
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10...
Moderate
Unreviewed
CVE-2022-0861
was published
Mar 24, 2022
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability...
High
Unreviewed
CVE-2021-44477
was published
Mar 26, 2022
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA...
High
Unreviewed
CVE-2021-33208
was published
Apr 1, 2022
When opening a malicious solution file provided by an attacker, the application suffers from an...
Moderate
Unreviewed
CVE-2022-1018
was published
Apr 3, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that...
Critical
Unreviewed
CVE-2022-28219
was published
Apr 6, 2022
ProTip!
Advisories are also available from the
GraphQL API