Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6532 was published for zendframework/zendframework1 (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6531 was published for zendframework/zendframework1 (Composer) May 17, 2022
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,... High Unreviewed
CVE-2011-3288 was published May 17, 2022
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute... Critical Unreviewed
CVE-2014-2228 was published May 17, 2022
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that... High Unreviewed
CVE-2015-9541 was published May 24, 2022
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0... Moderate Unreviewed
CVE-2019-20104 was published May 24, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur... High Unreviewed
CVE-2020-9352 was published May 24, 2022
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by... Moderate Unreviewed
CVE-2020-9354 was published May 24, 2022
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with... High Unreviewed
CVE-2020-3946 was published May 24, 2022
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack... Moderate Unreviewed
CVE-2020-4377 was published May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-4481 was published May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3... Moderate Unreviewed
CVE-2020-24052 was published May 24, 2022
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML... Moderate Unreviewed
CVE-2020-24589 was published May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed
CVE-2020-24591 was published May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing... High Unreviewed
CVE-2020-25186 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-27017 was published May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed
CVE-2021-1267 was published May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity... Moderate Unreviewed
CVE-2020-24665 was published May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed
CVE-2021-28302 was published May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed
CVE-2021-28973 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity... High Unreviewed
CVE-2021-20453 was published May 24, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive... High Unreviewed
CVE-2018-10868 was published May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed
CVE-2020-15303 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database