GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-42035
was published
May 3, 2024
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information...
Moderate
Unreviewed
CVE-2023-39472
was published
May 3, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate
CVE-2022-47894
was published
for
org.apache.zeppelin:sap
(Maven)
Apr 9, 2024
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection...
Moderate
Unreviewed
CVE-2024-25971
was published
Mar 28, 2024
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
Moderate
Unreviewed
CVE-2024-31139
was published
Mar 28, 2024
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This...
Moderate
Unreviewed
CVE-2024-2826
was published
Mar 22, 2024
Improper restriction of XML external entity references vulnerability exists in FitNesse all...
Moderate
Unreviewed
CVE-2024-28039
was published
Mar 18, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an...
Moderate
Unreviewed
CVE-2023-25926
was published
Feb 29, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
Moderate
Unreviewed
CVE-2023-52239
was published
Feb 6, 2024
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can...
Moderate
Unreviewed
CVE-2024-1167
was published
Feb 1, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on...
Moderate
Unreviewed
CVE-2023-4554
was published
Jan 29, 2024
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and...
Moderate
Unreviewed
CVE-2024-21796
was published
Jan 24, 2024
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture...
Moderate
Unreviewed
CVE-2024-22380
was published
Jan 24, 2024
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check...
Moderate
Unreviewed
CVE-2024-21765
was published
Jan 24, 2024
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to...
Moderate
Unreviewed
CVE-2024-23525
was published
Jan 18, 2024
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Moderate
CVE-2023-6149
was published
for
com.qualys.plugins:qualys-was
(Maven)
Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
Moderate
CVE-2023-6147
was published
for
com.qualys.plugins:qualys-pc
(Maven)
Jan 9, 2024
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or...
Moderate
Unreviewed
CVE-2023-46265
was published
Dec 19, 2023
WSO2 products vulnerable to XML External Entity attack
Moderate
CVE-2023-6836
was published
for
org.wso2.am:wso2am
(Maven)
Dec 15, 2023
Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Moderate
GHSA-cc4w-3cff-j8fw
was published
for
org.eclipse.platform:eclipse.platform
(Maven)
Nov 9, 2023
•
withdrawn
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in...
Moderate
Unreviewed
CVE-2023-5136
was published
Nov 8, 2023
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE...
Moderate
Unreviewed
CVE-2023-46802
was published
Nov 6, 2023
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the...
Moderate
Unreviewed
CVE-2022-34832
was published
Oct 27, 2023
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack...
Moderate
Unreviewed
CVE-2023-43067
was published
Oct 23, 2023
ProTip!
Advisories are also available from the
GraphQL API