GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,026 advisories

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.
Critical, Unreviewed. CVE-2021-46660 was published on Jan 31, 2022

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14...
Moderate, Unreviewed. CVE-2022-23031 was published on Jan 26, 2022

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity...
High, Unreviewed. CVE-2020-4876 was published on Jan 22, 2022

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity...
High, Unreviewed. CVE-2020-4875 was published on Jan 22, 2022

corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical. CVE-2022-0239 was published for edu.stanford.nlp:stanford-corenlp (Maven) on Jan 21, 2022

Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate. CVE-2022-0219 was published for io.github.skylot:jadx-core (Maven) on Jan 21, 2022

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Moderate. CVE-2022-0198 was published for edu.stanford.nlp:stanford-corenlp (Maven) on Jan 14, 2022

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML...
Critical, Unreviewed. CVE-2021-40722 was published on Jan 14, 2022

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG"...
High, Unreviewed. CVE-2021-42560 was published on Jan 13, 2022

Improper Restriction of XML External Entity Reference in Apache NiFi
Moderate. CVE-2020-13940 was published for org.apache.nifi:nifi (Maven) on Jan 6, 2022

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file...
Moderate, Unreviewed. CVE-2021-44028 was published on Dec 23, 2021

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a...
Moderate, Unreviewed. CVE-2021-45096 was published on Dec 17, 2021

Improper Restriction of XML External Entity Reference in com.h2database:h2.
High. CVE-2021-23463 was published for com.h2database:h2 (Maven) on Dec 16, 2021

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
Moderate, Unreviewed. CVE-2021-3836 was published on Dec 15, 2021

National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is...
Critical, Unreviewed. CVE-2021-44557 was published on Dec 9, 2021

National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected...
Critical, Unreviewed. CVE-2021-44556 was published on Dec 9, 2021

CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
High, Unreviewed. CVE-2021-42776 was published on Dec 2, 2021

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4...
Moderate, Unreviewed. CVE-2021-44147 was published on Nov 23, 2021

XML External Entity vulnerability in Easy-XML
High. CVE-2020-26705 was published for easy-xml (pip) on Nov 1, 2021

XML External Entity vulnerability in MODX CMS
Critical. CVE-2020-25911 was published for modx/revolution (Composer) on Nov 1, 2021

XML External Entity Reference in org.opencms:opencms-core
Moderate. CVE-2021-3312 was published for org.opencms:opencms-core (Maven) on Oct 12, 2021

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
High. CVE-2021-41098 was published for nokogiri (RubyGems) on Sep 27, 2021

XML External Entity Reference in Apache Jena
High. CVE-2021-39239 was published for org.apache.jena:jena-core (Maven) on Sep 20, 2021

XML Injection in Any23
Critical. CVE-2021-38555 was published for org.apache.any23:apache-any23 (Maven) on Sep 13, 2021

XML External Entity Injection in PyWPS
High. CVE-2021-39371 was published for pywps (pip) on Sep 2, 2021