GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,048 advisories
Filter by severity
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection...
Moderate
Unreviewed
CVE-2024-25971
was published
Mar 28, 2024
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
Moderate
Unreviewed
CVE-2024-31139
was published
Mar 28, 2024
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This...
Moderate
Unreviewed
CVE-2024-2826
was published
Mar 22, 2024
Improper restriction of XML external entity references vulnerability exists in FitNesse all...
Moderate
Unreviewed
CVE-2024-28039
was published
Mar 18, 2024
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)...
High
Unreviewed
CVE-2024-27266
was published
Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
High
Unreviewed
CVE-2023-50168
was published
Mar 14, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an...
Moderate
Unreviewed
CVE-2023-25926
was published
Feb 29, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
Liferay Portal has an XXE vulnerability in Java2WsddTask._format
High
CVE-2024-25606
was published
for
com.liferay.portal:com.liferay.util.java
(Maven)
Feb 20, 2024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x,...
High
Unreviewed
CVE-2024-22024
was published
Feb 13, 2024
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated...
High
Unreviewed
CVE-2024-24743
was published
Feb 13, 2024
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
Moderate
Unreviewed
CVE-2023-52239
was published
Feb 6, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
High
Unreviewed
CVE-2023-32327
was published
Feb 3, 2024
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can...
Moderate
Unreviewed
CVE-2024-1167
was published
Feb 1, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on...
Moderate
Unreviewed
CVE-2023-4554
was published
Jan 29, 2024
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture...
Moderate
Unreviewed
CVE-2024-22380
was published
Jan 24, 2024
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check...
Moderate
Unreviewed
CVE-2024-21765
was published
Jan 24, 2024
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and...
Moderate
Unreviewed
CVE-2024-21796
was published
Jan 24, 2024
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to...
Moderate
Unreviewed
CVE-2024-23525
was published
Jan 18, 2024
fonttools XML External Entity Injection (XXE) Vulnerability
High
CVE-2023-45139
was published
for
fonttools
(pip)
Jan 9, 2024
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Moderate
CVE-2023-6149
was published
for
com.qualys.plugins:qualys-was
(Maven)
Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
Moderate
CVE-2023-6147
was published
for
com.qualys.plugins:qualys-pc
(Maven)
Jan 9, 2024
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code...
Critical
Unreviewed
CVE-2023-26999
was published
Jan 9, 2024
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a...
Critical
Unreviewed
CVE-2023-52252
was published
Dec 30, 2023
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or...
Moderate
Unreviewed
CVE-2023-46265
was published
Dec 19, 2023
ProTip!
Advisories are also available from the
GraphQL API