Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

316 advisories

Loading
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers... High Unreviewed
CVE-2021-27777 was published May 13, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... High Unreviewed
CVE-2022-20780 was published May 5, 2022
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service... High Unreviewed
CVE-2022-21949 was published May 4, 2022
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2... High Unreviewed
CVE-2009-1699 was published May 2, 2022
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external... High Unreviewed
CVE-2012-1102 was published Apr 23, 2022
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External... High Unreviewed
CVE-2011-3600 was published Apr 22, 2022
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA... High Unreviewed
CVE-2021-33208 was published Apr 1, 2022
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability... High Unreviewed
CVE-2021-44477 was published Mar 26, 2022
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's... High Unreviewed
CVE-2021-42194 was published Mar 22, 2022
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly... High Unreviewed
CVE-2020-14478 was published Feb 25, 2022
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R)... High Unreviewed
CVE-2022-21205 was published Feb 11, 2022
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before... High Unreviewed
CVE-2022-21220 was published Feb 11, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity... High Unreviewed
CVE-2020-4876 was published Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity... High Unreviewed
CVE-2020-4875 was published Jan 22, 2022
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG"... High Unreviewed
CVE-2021-42560 was published Jan 13, 2022
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. High Unreviewed
CVE-2021-42776 was published Dec 2, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database