GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,039 advisories
Several Zend Products Vulnerable to XXE and XEE attacks
CVE-2014-2682 (Moderate) was published for zendframework/zendframework1 (Composer) on May 14, 2022

Several Zend Products Vulnerable to XXE and XEE attacks
CVE-2014-2683 (Moderate) was published for zendframework/zendframework1 (Composer) on May 14, 2022

Several Zend Products Vulnerable to XXE and XEE attacks
CVE-2014-2681 (Moderate) was published for zendframework/zendframework1 (Composer) on May 14, 2022

SimpleXML vulnerable to XML External Entity (XXE)
CVE-2017-1000190 (Critical) was published for org.simpleframework:simple-xml (Maven) on May 14, 2022

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved...
CVE-2017-6662 (High, Unreviewed) was published on May 14, 2022

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser...
CVE-2018-1000837 (Critical, Unreviewed) was published on May 13, 2022

KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx...
CVE-2018-1000835 (Critical, Unreviewed) was published on May 13, 2022

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing...
CVE-2018-1000639 (Critical, Unreviewed) was published on May 13, 2022

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2...
CVE-2017-8710 (Moderate, Unreviewed) was published on May 13, 2022

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access...
CVE-2017-3839 (Moderate, Unreviewed) was published on May 13, 2022

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
CVE-2017-3548 (Moderate, Unreviewed) was published on May 13, 2022

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
CVE-2015-9280 (Critical, Unreviewed) was published on May 13, 2022

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote...
CVE-2015-2125 (Moderate, Unreviewed) was published on May 13, 2022

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB...
CVE-2016-9487 (High, Unreviewed) was published on May 13, 2022

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability...
CVE-2017-10617 (Moderate, Unreviewed) was published on May 13, 2022

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an...
CVE-2017-12216 (High, Unreviewed) was published on May 13, 2022

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version...
CVE-2017-3206 (Critical, Unreviewed) was published on May 13, 2022

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE)...
CVE-2017-7426 (Critical, Unreviewed) was published on May 13, 2022

It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is...
CVE-2017-7464 (Critical, Unreviewed) was published on May 13, 2022

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable...
CVE-2017-7465 (Critical, Unreviewed) was published on May 13, 2022

XML External Entity Reference in jbpmmigration
CVE-2017-7545 (Moderate) was published for org.jbpm.jbpm5:jbpmmigration (Maven) on May 13, 2022

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow...
CVE-2018-0100 (Moderate, Unreviewed) was published on May 13, 2022

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to...
CVE-2018-0108 (Moderate, Unreviewed) was published on May 13, 2022

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an...
CVE-2018-0414 (Moderate, Unreviewed) was published on May 13, 2022

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the...
CVE-2018-10600 (Critical, Unreviewed) was published on May 13, 2022