GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
349 advisories
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a...
High | Unreviewed | CVE-2022-27873 was published Jul 30, 2022
Access to external entities when parsing XML documents can lead to XML external entity (XXE)...
High | Unreviewed | CVE-2022-2414 was published Jul 30, 2022
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs...
High | Unreviewed | CVE-2021-42537 was published Jul 28, 2022
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient...
High | Unreviewed | CVE-2022-32458 was published Jul 21, 2022
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML...
High | Unreviewed | CVE-2022-22358 was published Jul 20, 2022
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker...
High | Unreviewed | CVE-2022-35168 was published Jul 13, 2022
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system...
High | Unreviewed | CVE-2021-40510 was published Jun 22, 2022
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions <...
High | Unreviewed | CVE-2022-32285 was published Jun 15, 2022
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access...
High | Unreviewed | CVE-2022-31447 was published Jun 15, 2022
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful...
High | Unreviewed | CVE-2022-31261 was published May 25, 2022
VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE)...
High | Unreviewed | CVE-2022-22977 was published May 25, 2022
An improper restriction of XML external entity reference vulnerability in the parser of XML...
High | Unreviewed | CVE-2021-36172 was published May 24, 2022
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote...
High | Unreviewed | CVE-2021-20838 was published May 24, 2022
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which...
High | Unreviewed | CVE-2020-19954 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows...
High | Unreviewed | CVE-2021-40500 was published May 24, 2022
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO...
High | Unreviewed | CVE-2021-35496 was published May 24, 2022
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE...
High | Unreviewed | CVE-2021-41770 was published May 24, 2022
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an...
High | Unreviewed | CVE-2021-29831 was published May 24, 2022
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application...
High | Unreviewed | CVE-2021-30137 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High | Unreviewed | CVE-2021-40356 was published May 24, 2022
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
High | Unreviewed | CVE-2021-38584 was published May 24, 2022
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component...
High | Unreviewed | CVE-2021-1630 was published May 24, 2022
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7...
High | Unreviewed | CVE-2021-22523 was published May 24, 2022
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data...
High | Unreviewed | CVE-2019-3752 was published May 24, 2022
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air...
High | Unreviewed | CVE-2021-20595 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.