Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

686 advisories

Loading
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2023-37200 was published Jul 12, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2023-2161 was published Jul 6, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)... High Unreviewed
CVE-2022-38840 was published Jul 6, 2023
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view... Moderate Unreviewed
CVE-2023-35786 was published Jul 5, 2023
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common... High Unreviewed
CVE-2023-3113 was published Jun 26, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Critical Unreviewed
CVE-2023-24470 was published Jun 14, 2023
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC... Moderate Unreviewed
CVE-2023-29498 was published Jun 13, 2023
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can... Moderate Unreviewed
CVE-2023-32706 was published Jun 1, 2023
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks.... High Unreviewed
CVE-2022-41221 was published May 24, 2023
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by... Moderate Unreviewed
CVE-2023-2806 was published May 19, 2023
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ... Moderate Unreviewed
CVE-2023-20173 was published May 18, 2023
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ... Moderate Unreviewed
CVE-2023-20174 was published May 18, 2023
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ... Critical Unreviewed
CVE-2023-27554 was published May 11, 2023
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE).... High Unreviewed
CVE-2023-27527 was published May 10, 2023
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user... Moderate Unreviewed
CVE-2022-45876 was published Apr 27, 2023
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when... High Unreviewed
CVE-2023-28009 was published Apr 26, 2023
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ... High Unreviewed
CVE-2023-28008 was published Apr 26, 2023
Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack. Moderate Unreviewed
CVE-2023-29443 was published Apr 26, 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance... Moderate Unreviewed
CVE-2023-26058 was published Apr 25, 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the... Moderate Unreviewed
CVE-2023-26057 was published Apr 25, 2023
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML... Moderate Unreviewed
CVE-2023-26263 was published Apr 13, 2023
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML... Moderate Unreviewed
CVE-2023-26264 was published Apr 13, 2023
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application... Moderate Unreviewed
CVE-2023-28828 was published Apr 11, 2023
National land numerical information data conversion tool all versions improperly restricts XML... Moderate Unreviewed
CVE-2023-25955 was published Apr 11, 2023
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. Moderate Unreviewed
CVE-2023-28340 was published Apr 11, 2023
ProTip! Advisories are also available from the GraphQL API