GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
171 advisories
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra...
Critical · Unreviewed · CVE-2018-20160 was published May 24, 2022
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has...
Critical · Unreviewed · CVE-2018-8940 was published May 24, 2022
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk...
Critical · Unreviewed · CVE-2019-7442 was published May 24, 2022
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Critical · Unreviewed · CVE-2018-14485 was published May 24, 2022
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224...
Critical · Unreviewed · CVE-2019-11677 was published May 24, 2022
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5,...
Critical · Unreviewed · CVE-2016-8348 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a...
Critical · Unreviewed · CVE-2016-9706 was published May 17, 2022
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data...
Critical · Unreviewed · CVE-2017-6895 was published May 17, 2022
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by...
Critical · Unreviewed · CVE-2016-6111 was published May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
Critical · Unreviewed · CVE-2015-7273 was published May 17, 2022
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform...
Critical · Unreviewed · CVE-2017-7503 was published May 17, 2022
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library...
Critical · Unreviewed · CVE-2017-10670 was published May 17, 2022
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and...
Critical · Unreviewed · CVE-2016-7460 was published May 17, 2022
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity...
Critical · Unreviewed · CVE-2017-1383 was published May 17, 2022
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 ...
Critical · Unreviewed · CVE-2017-14759 was published May 17, 2022
XML external entity (XXE) vulnerability in the import package functionality of the deployment...
Critical · Unreviewed · CVE-2017-13706 was published May 17, 2022
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote...
Critical · Unreviewed · CVE-2014-9487 was published May 17, 2022
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image...
Critical · Unreviewed · CVE-2017-14101 was published May 14, 2022
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17...
Critical · Unreviewed · CVE-2014-3244 was published May 14, 2022
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1,...
Critical · Unreviewed · CVE-2014-3005 was published May 14, 2022
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the...
Critical · Unreviewed · CVE-2017-7375 was published May 14, 2022
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center,...
Critical · Unreviewed · CVE-2018-6489 was published May 14, 2022
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE)...
Critical · Unreviewed · CVE-2018-1000124 was published May 14, 2022
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2)...
Critical · Unreviewed · CVE-2014-0931 was published May 14, 2022
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions...
Critical · Unreviewed · CVE-2018-1183 was published May 14, 2022