GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
686 advisories
Filter by severity
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could...
Moderate
Unreviewed
CVE-2023-37200
was published
Jul 12, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could...
Moderate
Unreviewed
CVE-2023-2161
was published
Jul 6, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)...
High
Unreviewed
CVE-2022-38840
was published
Jul 6, 2023
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view...
Moderate
Unreviewed
CVE-2023-35786
was published
Jul 5, 2023
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common...
High
Unreviewed
CVE-2023-3113
was published
Jun 26, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Critical
Unreviewed
CVE-2023-24470
was published
Jun 14, 2023
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC...
Moderate
Unreviewed
CVE-2023-29498
was published
Jun 13, 2023
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can...
Moderate
Unreviewed
CVE-2023-32706
was published
Jun 1, 2023
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks....
High
Unreviewed
CVE-2022-41221
was published
May 24, 2023
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by...
Moderate
Unreviewed
CVE-2023-2806
was published
May 19, 2023
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ...
Moderate
Unreviewed
CVE-2023-20173
was published
May 18, 2023
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ...
Moderate
Unreviewed
CVE-2023-20174
was published
May 18, 2023
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ...
Critical
Unreviewed
CVE-2023-27554
was published
May 11, 2023
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE)....
High
Unreviewed
CVE-2023-27527
was published
May 10, 2023
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate
Unreviewed
CVE-2022-45876
was published
Apr 27, 2023
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when...
High
Unreviewed
CVE-2023-28009
was published
Apr 26, 2023
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ...
High
Unreviewed
CVE-2023-28008
was published
Apr 26, 2023
Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack.
Moderate
Unreviewed
CVE-2023-29443
was published
Apr 26, 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance...
Moderate
Unreviewed
CVE-2023-26058
was published
Apr 25, 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the...
Moderate
Unreviewed
CVE-2023-26057
was published
Apr 25, 2023
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML...
Moderate
Unreviewed
CVE-2023-26263
was published
Apr 13, 2023
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML...
Moderate
Unreviewed
CVE-2023-26264
was published
Apr 13, 2023
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application...
Moderate
Unreviewed
CVE-2023-28828
was published
Apr 11, 2023
National land numerical information data conversion tool all versions improperly restricts XML...
Moderate
Unreviewed
CVE-2023-25955
was published
Apr 11, 2023
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Moderate
Unreviewed
CVE-2023-28340
was published
Apr 11, 2023
ProTip!
Advisories are also available from the
GraphQL API