GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
733 advisories
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common...
Severity: High (Unreviewed). CVE-2023-3113 was published Jun 26, 2023.

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Severity: Critical (Unreviewed). CVE-2023-24470 was published Jun 14, 2023.

Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC...
Severity: Moderate (Unreviewed). CVE-2023-29498 was published Jun 13, 2023.

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can...
Severity: Moderate (Unreviewed). CVE-2023-32706 was published Jun 1, 2023.

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks....
Severity: High (Unreviewed). CVE-2022-41221 was published May 24, 2023.

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by...
Severity: Moderate (Unreviewed). CVE-2023-2806 was published May 19, 2023.

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ...
Severity: Moderate (Unreviewed). CVE-2023-20174 was published May 18, 2023.

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ...
Severity: Moderate (Unreviewed). CVE-2023-20173 was published May 18, 2023.

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ...
Severity: Critical (Unreviewed). CVE-2023-27554 was published May 11, 2023.

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE)....
Severity: High (Unreviewed). CVE-2023-27527 was published May 10, 2023.

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Severity: Moderate (Unreviewed). CVE-2022-45876 was published Apr 27, 2023.

HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when...
Severity: High (Unreviewed). CVE-2023-28009 was published Apr 26, 2023.

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ...
Severity: High (Unreviewed). CVE-2023-28008 was published Apr 26, 2023.

Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack.
Severity: Moderate (Unreviewed). CVE-2023-29443 was published Apr 26, 2023.

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the...
Severity: Moderate (Unreviewed). CVE-2023-26057 was published Apr 25, 2023.

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance...
Severity: Moderate (Unreviewed). CVE-2023-26058 was published Apr 25, 2023.

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges...
Severity: Moderate (Unreviewed). CVE-2023-27652 was published Apr 20, 2023.

All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML...
Severity: Moderate (Unreviewed). CVE-2023-26264 was published Apr 13, 2023.

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML...
Severity: Moderate (Unreviewed). CVE-2023-26263 was published Apr 13, 2023.

A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application...
Severity: Moderate (Unreviewed). CVE-2023-28828 was published Apr 11, 2023.

National land numerical information data conversion tool all versions improperly restricts XML...
Severity: Moderate (Unreviewed). CVE-2023-25955 was published Apr 11, 2023.

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Severity: Moderate (Unreviewed). CVE-2023-28340 was published Apr 11, 2023.

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing...
Severity: High (Unreviewed). CVE-2023-27876 was published Apr 7, 2023.

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Severity: Moderate (Unreviewed). CVE-2023-20030 was published Apr 5, 2023.

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including...
Severity: Moderate (Unreviewed). CVE-2022-43941 was published Apr 3, 2023.
ProTip! Advisories are also available from the GraphQL API.