GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
995 advisories
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Moderate. CVE-2023-41932 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven), Sep 6, 2023

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical, Unreviewed. CVE-2023-35892 was published Sep 5, 2023

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to...
High, Unreviewed. CVE-2023-40239 was published Sep 1, 2023

DDFFileParser is vulnerable to XXE Attacks
Moderate. CVE-2023-41034 was published for org.eclipse.leshan:leshan-core (Maven), Aug 31, 2023

Esoteric YamlBeans XML Entity Expansion vulnerability
Moderate. CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven), Aug 25, 2023

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no...
Critical, Unreviewed. CVE-2022-48565 was published Aug 22, 2023

Apache Ivy External Entity Reference vulnerability
High. CVE-2022-46751 was published for org.apache.ivy:ivy (Maven), Aug 21, 2023

OpenNMS Horizon XXE Injection Vulnerability
High. CVE-2023-0871 was published for org.opennms.core:org.opennms.core.xml (Maven), Aug 11, 2023

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.
Critical, Unreviewed. CVE-2023-32567 was published Aug 10, 2023

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,...
Moderate, Unreviewed. CVE-2020-26064 was published Aug 4, 2023

The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity...
Moderate, Unreviewed. CVE-2023-30951 was published Aug 4, 2023

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given...
High, Unreviewed. CVE-2023-37497 was published Aug 4, 2023

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical, Unreviewed. CVE-2023-37364 was published Aug 3, 2023

XML External Entity (XXE) vulnerability in the XML data handler
Moderate. CVE-2023-38490 was published for getkirby/cms (Composer), Jul 28, 2023

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE...
Moderate, Unreviewed. CVE-2023-32639 was published Jul 25, 2023

XBRL data create application version 7.0 and earlier improperly restricts XML external entity...
Moderate, Unreviewed. CVE-2023-32635 was published Jul 19, 2023

Jenkins External Monitor Job Type Plugin XML external entity vulnerability
Moderate. CVE-2023-37942 was published for org.jenkins-ci.plugins:external-monitor-job (Maven), Jul 12, 2023

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
Moderate, Unreviewed. CVE-2023-37200 was published Jul 12, 2023

Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low. GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven), Jul 10, 2023

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
Moderate, Unreviewed. CVE-2023-2161 was published Jul 6, 2023

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)...
High, Unreviewed. CVE-2022-38840 was published Jul 6, 2023

Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
High. CVE-2023-28685 was published for org.jenkins-ci.plugins:absint-a3 (Maven), Jul 6, 2023

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view...
Moderate, Unreviewed. CVE-2023-35786 was published Jul 5, 2023

py-xml XML External Entity Injection vulnerability
High. CVE-2020-26709 was published for py-xml (pip), Jun 29, 2023

easy-parse XML External Entity Injection vulnerability
High. CVE-2020-26710 was published for easy-parse (pip), Jun 29, 2023