Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,167
Maven
5,000+
npm
3,830
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
906
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

165 advisories

Loading
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Critical Unreviewed
CVE-2015-7326 was published May 14, 2022
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Critical Unreviewed
CVE-2015-7241 was published May 14, 2022
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13416 was published May 14, 2022
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13415 was published May 14, 2022
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is... Critical Unreviewed
CVE-2018-13417 was published May 14, 2022
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML... Critical Unreviewed
CVE-2018-1000652 was published May 14, 2022
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can... Critical Unreviewed
CVE-2018-1000651 was published May 14, 2022
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in... Critical Unreviewed
CVE-2018-16521 was published May 14, 2022
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1... Critical Unreviewed
CVE-2018-17411 was published May 14, 2022
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE)... Critical Unreviewed
CVE-2018-15805 was published May 14, 2022
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML... Critical Unreviewed
CVE-2018-1000838 was published May 14, 2022
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed
CVE-2018-1000834 was published May 14, 2022
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response... Critical Unreviewed
CVE-2018-1000831 was published May 14, 2022
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability... Critical Unreviewed
CVE-2018-1000821 was published May 14, 2022
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser... Critical Unreviewed
CVE-2018-1000830 was published May 14, 2022
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in... Critical Unreviewed
CVE-2018-1000825 was published May 14, 2022
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the... Critical Unreviewed
CVE-2018-20318 was published May 14, 2022
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Critical Unreviewed
CVE-2019-5748 was published May 14, 2022
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 Critical Unreviewed
CVE-2018-15362 was published May 14, 2022
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man... Critical Unreviewed
CVE-2018-1000829 was published May 14, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2018-9116 was published May 14, 2022
Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed
CVE-2019-5918 was published May 14, 2022
XXE issue in Airsonic before 10.1.2 during parse. Critical Unreviewed
CVE-2018-20222 was published May 14, 2022
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows... Critical Unreviewed
CVE-2014-3990 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database