GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,046
Composer 5,218
Erlang 40
GitHub Actions 40
Go 2,974
Maven 6,256
npm 4,621
NuGet 788
pip 4,317
Pub 12
RubyGems 984
Rust 1,131
Swift 49

Unreviewed advisories

All unreviewed 289,607

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

173 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed

CVE-2021-45024 was published Jun 18, 2022

NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed

CVE-2021-45981 was published Jun 3, 2022

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote... Critical Unreviewed

CVE-2021-34436 was published May 24, 2022

A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement... Critical Unreviewed

CVE-2020-25912 was published May 24, 2022

Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Critical Unreviewed

CVE-2021-38298 was published May 24, 2022

" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE)... Critical Unreviewed

CVE-2021-27741 was published May 24, 2022

The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file... Critical Unreviewed

CVE-2021-34823 was published May 24, 2022

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes... Critical Unreviewed

CVE-2021-37425 was published May 24, 2022

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External... Critical Unreviewed

CVE-2021-20399 was published May 24, 2022

An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. Critical Unreviewed

CVE-2021-35066 was published May 24, 2022

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed

CVE-2020-5003 was published May 24, 2022

XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the... Critical Unreviewed

CVE-2021-29997 was published May 24, 2022

MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a... Critical Unreviewed

CVE-2021-1628 was published May 24, 2022

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API... Critical Unreviewed

CVE-2021-27931 was published May 24, 2022

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via... Critical Unreviewed

CVE-2021-26703 was published May 24, 2022

An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Critical Unreviewed

CVE-2020-35604 was published May 24, 2022

yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. Critical Unreviewed

CVE-2020-25215 was published May 24, 2022

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan... Critical Unreviewed

CVE-2018-20687 was published May 24, 2022

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by... Critical Unreviewed

CVE-2019-14678 was published May 24, 2022

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is... Critical Unreviewed

CVE-2019-14277 was published May 24, 2022

NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported,... Critical Unreviewed

CVE-2019-13625 was published May 24, 2022

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to... Critical Unreviewed

CVE-2019-1903 was published May 24, 2022

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit... Critical Unreviewed

CVE-2018-18406 was published May 24, 2022

/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and... Critical Unreviewed

CVE-2018-18471 was published May 24, 2022

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to... Critical Unreviewed

CVE-2018-15506 was published May 24, 2022

Previous 1…3…7 Next

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

173 advisories