Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

244 advisories

Loading
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure... Critical Unreviewed
CVE-2024-7098 was published Sep 16, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length... Critical Unreviewed
CVE-2024-45490 was published Aug 30, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
ebookmeta XML External Entity vulnerability Critical
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer) May 30, 2024
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-26999 was published Jan 9, 2024
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a... Critical Unreviewed
CVE-2023-52252 was published Dec 30, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-32755 was published Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was... Critical Unreviewed
CVE-2023-45612 was published Oct 9, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External... Critical Unreviewed
CVE-2023-35892 was published Sep 5, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no... Critical Unreviewed
CVE-2022-48565 was published Aug 22, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed
CVE-2023-32567 was published Aug 10, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity... Critical Unreviewed
CVE-2023-37364 was published Aug 3, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Critical Unreviewed
CVE-2023-24470 was published Jun 14, 2023
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ... Critical Unreviewed
CVE-2023-27554 was published May 11, 2023
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external... Critical Unreviewed
CVE-2023-28150 was published Mar 25, 2023
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML... Critical Unreviewed
CVE-2023-28151 was published Mar 24, 2023
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external... Critical Unreviewed
CVE-2023-28152 was published Mar 24, 2023
weixin-python XML External Entity vulnerability Critical
CVE-2018-25082 was published for weixin-python (pip) Mar 21, 2023
ProTip! Advisories are also available from the GraphQL API