GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
248 advisories
Filter by severity
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Critical
CVE-2016-3720
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Critical
CVE-2018-15531
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Oct 17, 2018
XML External Entity (XXE) vulnerability in codelibs fess
Critical
CVE-2018-1000822
was published
for
org.codelibs.fess:fess
(Maven)
Dec 20, 2018
XML External Entity (XXE) vulnerability in Square Retrofit
Critical
CVE-2018-1000844
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
Eclipse RDF4j vulnerable to XML External Entitiy
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
XML External Entity Reference in mchange:c3p0
Critical
CVE-2018-20433
was published
for
com.mchange:c3p0
(Maven)
Jan 7, 2019
XML External Entity (XXE) vulnerability in bw-calendar-engine
Critical
CVE-2018-1000836
was published
for
org.bedework.caleng:bw-calendar-engine
(Maven)
Dec 20, 2018
exist-db:exist-core XML External Entity (XXE) vulnerability
Critical
CVE-2018-1000823
was published
for
org.exist-db:exist-core
(Maven)
Dec 20, 2018
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected...
Critical
Unreviewed
CVE-2022-22795
was published
Mar 11, 2022
Improper Restriction of XML External Entity Reference in soa-model
Critical
CVE-2021-43090
was published
for
com.predic8:soa-model-core
(Maven)
Mar 26, 2022
Improper Restriction of XML External Entity Reference in Apace Derby
Critical
CVE-2015-1832
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not...
Critical
Unreviewed
CVE-2015-8866
was published
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP
Critical
CVE-2017-12620
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2015-3208
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
dom4j allows External Entities by default which might enable XXE attacks
Critical
CVE-2020-10683
was published
for
dom4j:dom4j
(Maven)
Jun 5, 2020
Improper Restriction of XML External Entity Reference in Mulesoft APIkit
Critical
CVE-2020-10991
was published
for
rg.mule.modules:mule-apikit-module
(Maven)
May 24, 2022
Improper Restriction of XML External Entity Reference in Liquibase
Critical
CVE-2022-0839
was published
for
org.liquibase:liquibase-core
(Maven)
Mar 5, 2022
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that...
Critical
Unreviewed
CVE-2022-28219
was published
Apr 6, 2022
Improper Restriction of XML External Entity Reference in Stanford CoreNLP
Critical
CVE-2021-3878
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
May 24, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
Critical
Unreviewed
CVE-2021-45981
was published
Jun 3, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and...
Critical
Unreviewed
CVE-2016-7460
was published
May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity...
Critical
Unreviewed
CVE-2017-1383
was published
May 17, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4...
Critical
Unreviewed
CVE-2021-45024
was published
Jun 18, 2022
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity...
Critical
Unreviewed
CVE-2022-22489
was published
Aug 20, 2022
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection...
Critical
Unreviewed
CVE-2022-23170
was published
Jun 25, 2022
ProTip!
Advisories are also available from the
GraphQL API