GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
686 advisories
Filter by severity
An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions...
High
Unreviewed
CVE-2023-6280
was published
Dec 19, 2023
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with...
High
Unreviewed
CVE-2023-6721
was published
Dec 13, 2023
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered...
Low
Unreviewed
CVE-2023-6194
was published
Dec 11, 2023
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML...
High
Unreviewed
CVE-2023-22274
was published
Nov 17, 2023
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2...
High
Unreviewed
CVE-2023-46590
was published
Nov 14, 2023
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the...
Moderate
Unreviewed
CVE-2022-34832
was published
Oct 27, 2023
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack...
Moderate
Unreviewed
CVE-2023-43067
was published
Oct 23, 2023
CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper...
Moderate
Unreviewed
CVE-2023-43624
was published
Oct 23, 2023
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and...
High
Unreviewed
CVE-2023-45727
was published
Oct 18, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical
Unreviewed
CVE-2023-45612
was published
Oct 9, 2023
FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external...
Moderate
Unreviewed
CVE-2023-42132
was published
Oct 2, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti...
High
Unreviewed
CVE-2023-38343
was published
Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client...
High
Unreviewed
CVE-2023-3892
was published
Sep 19, 2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106...
Unknown
Unreviewed
CVE-2023-41369
was published
Sep 14, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical
Unreviewed
CVE-2023-35892
was published
Sep 5, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to...
High
Unreviewed
CVE-2023-40239
was published
Sep 1, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no...
Critical
Unreviewed
CVE-2022-48565
was published
Aug 22, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.
Critical
Unreviewed
CVE-2023-32567
was published
Aug 10, 2023
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,...
Moderate
Unreviewed
CVE-2020-26064
was published
Aug 4, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given...
High
Unreviewed
CVE-2023-37497
was published
Aug 4, 2023
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity...
Moderate
Unreviewed
CVE-2023-30951
was published
Aug 4, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical
Unreviewed
CVE-2023-37364
was published
Aug 3, 2023
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE...
Moderate
Unreviewed
CVE-2023-32639
was published
Jul 25, 2023
XBRL data create application version 7.0 and earlier improperly restricts XML external entity...
Moderate
Unreviewed
CVE-2023-32635
was published
Jul 19, 2023
ProTip!
Advisories are also available from the
GraphQL API