GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,028 advisories
Filter by severity
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML...
Moderate
Unreviewed
CVE-2024-45745
was published
Sep 27, 2024
DataEase has an XML External Entity Reference vulnerability
High
CVE-2024-46985
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
Kimai has an XXE Leading to Local File Read
High
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical
Unreviewed
CVE-2024-7098
was published
Sep 16, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before...
High
Unreviewed
CVE-2024-37397
was published
Sep 12, 2024
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
High
Unreviewed
CVE-2023-37233
was published
Sep 10, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
High
CVE-2023-26043
was published
for
GeoNode
(pip)
Aug 30, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length...
Critical
Unreviewed
CVE-2024-45490
was published
Aug 30, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC...
High
Unreviewed
CVE-2024-22218
was published
Aug 15, 2024
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to...
High
Unreviewed
CVE-2024-38653
was published
Aug 14, 2024
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to...
High
Unreviewed
CVE-2024-6893
was published
Aug 8, 2024
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE)...
Moderate
Unreviewed
CVE-2024-3930
was published
Jul 30, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
High
CVE-2023-48362
was published
for
org.apache.drill.exec:drill-java-exec
(Maven)
Jul 24, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2024-6961
was published
for
guardrails-ai
(pip)
Jul 21, 2024
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics...
Moderate
Unreviewed
CVE-2024-5625
was published
Jul 18, 2024
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External...
High
Unreviewed
CVE-2023-50304
was published
Jul 18, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
High
CVE-2024-38374
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Jun 24, 2024
ClassGraph XML External Entity Reference
Moderate
CVE-2021-47621
was published
for
io.github.classgraph:classgraph
(Maven)
Jun 21, 2024
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web
application ...
High
Unreviewed
CVE-2023-49110
was published
Jun 20, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API