GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
325 advisories
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate | CVE-2022-41241 was published for net.praqma:rqm-plugin (Maven) | Sep 22, 2022

Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ...
Moderate | Unreviewed | CVE-2022-38342 was published | Sep 14, 2022

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows...
Moderate | Unreviewed | CVE-2022-2330 was published | Aug 31, 2022

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling...
Moderate | Unreviewed | CVE-2022-2838 was published | Aug 17, 2022

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's...
Moderate | Unreviewed | CVE-2020-14379 was published | Aug 17, 2022

mofh Vulnerable to Improper Restriction of XML External Entity Reference
Moderate | GHSA-7r9x-qrpr-3cxw was published for mofh (pip) | Aug 11, 2022

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
Moderate | Unreviewed | CVE-2022-34001 was published | Jul 20, 2022

XML External Entity Reference in Eclipse Lyo
Moderate | CVE-2021-41042 was published for org.eclipse.lyo:lyo-parent (Maven) | Jul 8, 2022

HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate | CVE-2014-3599 was published for org.hornetq.rest:hornetq-rest (Maven) | May 24, 2022

XXE vulnerability in Jenkins pom2config Plugin
Moderate | CVE-2021-43576 was published for org.jenkins-ci.plugins:pom2config (Maven) | May 24, 2022

XXE vulnerability in Jenkins Performance Plugin
Moderate | CVE-2021-21701 was published for org.jenkins-ci.plugins:performance (Maven) | May 24, 2022

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote...
Moderate | Unreviewed | CVE-2021-20839 was published | May 24, 2022

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML...
Moderate | Unreviewed | CVE-2021-20801 was published | May 24, 2022

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE...
Moderate | Unreviewed | CVE-2021-40439 was published | May 24, 2022

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate | Unreviewed | CVE-2021-34706 was published | May 24, 2022

NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.
Moderate | Unreviewed | CVE-2021-35201 was published | May 24, 2022

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior...
Moderate | Unreviewed | CVE-2021-31842 was published | May 24, 2022

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto...
Moderate | Unreviewed | CVE-2021-3055 was published | May 24, 2022

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML...
Moderate | Unreviewed | CVE-2021-37178 was published | May 24, 2022

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <...
Moderate | Unreviewed | CVE-2020-26564 was published | May 24, 2022

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file...
Moderate | Unreviewed | CVE-2021-32972 was published | May 24, 2022

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not...
Moderate | Unreviewed | CVE-2021-22338 was published | May 24, 2022

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external...
Moderate | Unreviewed | CVE-2021-28684 was published | May 24, 2022

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker...
Moderate | Unreviewed | CVE-2021-27635 was published | May 24, 2022

SilverStripe XXE Vulnerability in CSSContentParser
Moderate | CVE-2020-25817 was published for silverstripe/framework (Composer) | May 24, 2022