Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

996 advisories

Loading
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a... Critical Unreviewed
CVE-2023-52252 was published Dec 30, 2023
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or... Moderate Unreviewed
CVE-2023-46265 was published Dec 19, 2023
An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions... High Unreviewed
CVE-2023-6280 was published Dec 19, 2023
WSO2 products vulnerable to XML External Entity attack Moderate
CVE-2023-6836 was published for org.wso2.am:wso2am (Maven) Dec 15, 2023
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with... High Unreviewed
CVE-2023-6721 was published Dec 13, 2023
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered... Low Unreviewed
CVE-2023-6194 was published Dec 11, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Jenkins MATLAB Plugin XML External Entity vulnerability High
CVE-2023-49656 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML... High Unreviewed
CVE-2023-22274 was published Nov 17, 2023
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2... High Unreviewed
CVE-2023-46590 was published Nov 14, 2023
Duplicate Advisory: Eclipse IDE XXE in eclipse.platform Moderate
GHSA-cc4w-3cff-j8fw was published for org.eclipse.platform:eclipse.platform (Maven) Nov 9, 2023 withdrawn
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the... Moderate Unreviewed
CVE-2022-34832 was published Oct 27, 2023
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack... Moderate Unreviewed
CVE-2023-43067 was published Oct 23, 2023
CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper... Moderate Unreviewed
CVE-2023-43624 was published Oct 23, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability Moderate
CVE-2023-46035 was published for svg_optimizer (RubyGems) Oct 20, 2023
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and... High Unreviewed
CVE-2023-45727 was published Oct 18, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-32755 was published Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was... Critical Unreviewed
CVE-2023-45612 was published Oct 9, 2023
FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external... Moderate Unreviewed
CVE-2023-42132 was published Oct 2, 2023
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti... High Unreviewed
CVE-2023-38343 was published Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client... High Unreviewed
CVE-2023-3892 was published Sep 19, 2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106... Unknown Unreviewed
CVE-2023-41369 was published Sep 14, 2023
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin Moderate
CVE-2023-41932 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
ProTip! Advisories are also available from the GraphQL API