Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40507 was published May 3, 2024
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-44412 was published May 3, 2024
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40503 was published May 3, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40506 was published May 3, 2024
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE)... High Unreviewed
CVE-2024-29010 was published May 1, 2024
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
getID3 is vulnerable to XML External Entity (XXE) High
CVE-2014-2053 was published for james-heinrich/getid3 (Composer) May 17, 2022
DotPlant2 Improper Restriction of XML External Entity Reference High
CVE-2020-25750 was published for devgroup/dotplant (Composer) May 24, 2022
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... High Unreviewed
CVE-2024-22354 was published Apr 17, 2024
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote... High Unreviewed
CVE-2018-17169 was published May 24, 2022
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references High
CVE-2012-4399 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Zend Framework XXE Vulnerability High
CVE-2012-3363 was published for zendframework/zendframework1 (Composer) May 17, 2022
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and... High Unreviewed
CVE-2023-45727 was published Oct 18, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti... High Unreviewed
CVE-2023-38343 was published Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client... High Unreviewed
CVE-2023-3892 was published Sep 19, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to... High Unreviewed
CVE-2023-40239 was published Sep 1, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given... High Unreviewed
CVE-2023-37497 was published Aug 4, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)... High Unreviewed
CVE-2022-38840 was published Jul 6, 2023
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common... High Unreviewed
CVE-2023-3113 was published Jun 26, 2023
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks.... High Unreviewed
CVE-2022-41221 was published May 24, 2023
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE).... High Unreviewed
CVE-2023-27527 was published May 10, 2023
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ... High Unreviewed
CVE-2023-28008 was published Apr 26, 2023
ProTip! Advisories are also available from the GraphQL API