Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

445 advisories

Loading
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before... High Unreviewed
CVE-2024-37397 was published Sep 12, 2024
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. High Unreviewed
CVE-2023-37233 was published Sep 10, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024
bytehope chinh2597
cavias
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC... High Unreviewed
CVE-2024-22218 was published Aug 15, 2024
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to... High Unreviewed
CVE-2024-38653 was published Aug 14, 2024
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to... High Unreviewed
CVE-2024-6893 was published Aug 8, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External... High Unreviewed
CVE-2023-50304 was published Jul 18, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application ... High Unreviewed
CVE-2023-49110 was published Jun 20, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors High
GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) Jun 7, 2024
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML... High Unreviewed
CVE-2023-45192 was published Jun 6, 2024
Symfony XXE security vulnerability High
GHSA-rjpm-qmq7-q85w was published for symfony/routing (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could... High Unreviewed
CVE-2024-3486 was published May 15, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-44412 was published May 3, 2024
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40503 was published May 3, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40507 was published May 3, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40506 was published May 3, 2024
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE)... High Unreviewed
CVE-2024-29010 was published May 1, 2024
ProTip! Advisories are also available from the GraphQL API