Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

165 advisories

Loading
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-38389 was published Feb 3, 2023
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22486 was published Feb 3, 2023
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed
CVE-2022-47873 was published Feb 1, 2023
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This... Critical Unreviewed
CVE-2021-4311 was published Jan 9, 2023
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This... Critical Unreviewed
CVE-2021-4295 was published Dec 29, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and... Critical Unreviewed
CVE-2022-3980 was published Nov 16, 2022
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-40747 was published Nov 4, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x... Critical Unreviewed
CVE-2022-31678 was published Oct 28, 2022
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The... Critical Unreviewed
CVE-2022-42307 was published Oct 4, 2022
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine... Critical Unreviewed
CVE-2022-1700 was published Sep 13, 2022
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity... Critical Unreviewed
CVE-2022-22489 was published Aug 20, 2022
Due to an XML external entity reference, the software parses XML in the backup/restore... Critical Unreviewed
CVE-2022-1704 was published Aug 6, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... Critical Unreviewed
CVE-2022-31775 was published Aug 2, 2022
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in... Critical Unreviewed
CVE-2022-2131 was published Jul 26, 2022
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin... Critical Unreviewed
CVE-2022-35741 was published Jul 19, 2022
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection... Critical Unreviewed
CVE-2022-23170 was published Jun 25, 2022
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... Critical Unreviewed
CVE-2021-45024 was published Jun 18, 2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. Critical Unreviewed
CVE-2021-45981 was published Jun 3, 2022
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote... Critical Unreviewed
CVE-2021-34436 was published May 24, 2022
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement... Critical Unreviewed
CVE-2020-25912 was published May 24, 2022
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Critical Unreviewed
CVE-2021-38298 was published May 24, 2022
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE)... Critical Unreviewed
CVE-2021-27741 was published May 24, 2022
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file... Critical Unreviewed
CVE-2021-34823 was published May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes... Critical Unreviewed
CVE-2021-37425 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database