Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

995 advisories

Loading
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... High Unreviewed
CVE-2024-22354 was published Apr 17, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection... Moderate Unreviewed
CVE-2024-25971 was published Mar 28, 2024
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector Moderate Unreviewed
CVE-2024-31139 was published Mar 28, 2024
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This... Moderate Unreviewed
CVE-2024-2826 was published Mar 22, 2024
Improper restriction of XML external entity references vulnerability exists in FitNesse all... Moderate Unreviewed
CVE-2024-28039 was published Mar 18, 2024
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2024-27266 was published Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. High Unreviewed
CVE-2023-50168 was published Mar 14, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an... Moderate Unreviewed
CVE-2023-25926 was published Feb 29, 2024
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd
XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and... High Unreviewed
CVE-2024-25606 was published Feb 20, 2024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x,... High Unreviewed
CVE-2024-22024 was published Feb 13, 2024
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated... High Unreviewed
CVE-2024-24743 was published Feb 13, 2024
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. Moderate Unreviewed
CVE-2023-52239 was published Feb 6, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-32327 was published Feb 3, 2024
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can... Moderate Unreviewed
CVE-2024-1167 was published Feb 1, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on... Moderate Unreviewed
CVE-2023-4554 was published Jan 29, 2024
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and... Moderate Unreviewed
CVE-2024-21796 was published Jan 24, 2024
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check... Moderate Unreviewed
CVE-2024-21765 was published Jan 24, 2024
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture... Moderate Unreviewed
CVE-2024-22380 was published Jan 24, 2024
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to... Moderate Unreviewed
CVE-2024-23525 was published Jan 18, 2024
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
Qualys Jenkins Plugin for WAS XML External Entity vulnerability Moderate
CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability Moderate
CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-26999 was published Jan 9, 2024
ProTip! Advisories are also available from the GraphQL API