GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
325 advisories
When opening a specially crafted 3DXML file, the application containing Datakit Software...
Moderate, Unreviewed. CVE-2021-27492 was published May 24, 2022

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE)...
Moderate, Unreviewed. CVE-2020-36124 was published May 24, 2022

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could...
Moderate, Unreviewed. CVE-2021-1369 was published May 24, 2022

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform...
Moderate, Unreviewed. CVE-2021-25164 was published May 24, 2022

An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated,...
Moderate, Unreviewed. CVE-2020-7036 was published May 24, 2022

An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura...
Moderate, Unreviewed. CVE-2020-7035 was published May 24, 2022

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or...
Moderate, Unreviewed. CVE-2021-27736 was published May 24, 2022

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP...
Moderate, Unreviewed. CVE-2021-27604 was published May 24, 2022

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build...
Moderate, Unreviewed. CVE-2021-28973 was published May 24, 2022

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge...
Moderate, Unreviewed. CVE-2020-28387 was published May 24, 2022

A remote authenticated xml external entity (xxe) vulnerability was discovered in...
Moderate, Unreviewed. CVE-2021-26969 was published May 24, 2022

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office,...
Moderate, Unreviewed. CVE-2021-21470 was published May 24, 2022

A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization...
Moderate, Unreviewed. CVE-2020-26981 was published May 24, 2022

IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE...
Moderate, Unreviewed. CVE-2020-4606 was published May 24, 2022

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to...
Moderate, Unreviewed. CVE-2020-29436 was published May 24, 2022

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists...
Moderate, Unreviewed. CVE-2020-35123 was published May 24, 2022

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used...
Moderate, Unreviewed. CVE-2020-26513 was published May 24, 2022

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated...
Moderate, Unreviewed. CVE-2020-7032 was published May 24, 2022

XXE vulnerability in Jenkins Visualworks Store Plugin
Moderate. CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) May 24, 2022

XXE vulnerability in Jenkins Subversion Plugin
Moderate. CVE-2020-2304 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022

XXE vulnerability in Jenkins Mercurial Plugin
Moderate. CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022

XXE vulnerability in Jenkins Nerrvana Plugin
Moderate. CVE-2020-2298 was published for org.jenkins-ci.plugins:nerrvana-plugin (Maven) May 24, 2022

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an...
Moderate, Unreviewed. CVE-2020-8256 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF...
Moderate, Unreviewed. CVE-2020-15772 was published May 24, 2022

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Moderate, Unreviewed. CVE-2020-24379 was published May 24, 2022