GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
446 advisories
Filter by severity
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability....
High
Unreviewed
CVE-2023-40507
was published
May 3, 2024
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability....
High
Unreviewed
CVE-2023-44412
was published
May 3, 2024
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability....
High
Unreviewed
CVE-2023-40503
was published
May 3, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability....
High
Unreviewed
CVE-2023-40506
was published
May 3, 2024
fonttools XML External Entity Injection (XXE) Vulnerability
High
CVE-2023-45139
was published
for
fonttools
(pip)
Jan 9, 2024
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE)...
High
Unreviewed
CVE-2024-29010
was published
May 1, 2024
OpenStack Nova Live migration fails to update persistent domain XML
High
CVE-2020-17376
was published
for
nova
(pip)
May 24, 2022
getID3 is vulnerable to XML External Entity (XXE)
High
CVE-2014-2053
was published
for
james-heinrich/getid3
(Composer)
May 17, 2022
DotPlant2 Improper Restriction of XML External Entity Reference
High
CVE-2020-25750
was published
for
devgroup/dotplant
(Composer)
May 24, 2022
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...
High
Unreviewed
CVE-2024-22354
was published
Apr 17, 2024
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote...
High
Unreviewed
CVE-2018-17169
was published
May 24, 2022
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
High
CVE-2012-4399
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Zend Framework XXE Vulnerability
High
CVE-2012-3363
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and...
High
Unreviewed
CVE-2023-45727
was published
Oct 18, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti...
High
Unreviewed
CVE-2023-38343
was published
Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client...
High
Unreviewed
CVE-2023-3892
was published
Sep 19, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to...
High
Unreviewed
CVE-2023-40239
was published
Sep 1, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given...
High
Unreviewed
CVE-2023-37497
was published
Aug 4, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)...
High
Unreviewed
CVE-2022-38840
was published
Jul 6, 2023
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common...
High
Unreviewed
CVE-2023-3113
was published
Jun 26, 2023
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks....
High
Unreviewed
CVE-2022-41221
was published
May 24, 2023
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE)....
High
Unreviewed
CVE-2023-27527
was published
May 10, 2023
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ...
High
Unreviewed
CVE-2023-28008
was published
Apr 26, 2023
ProTip!
Advisories are also available from the
GraphQL API