Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

316 advisories

Loading
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... High Unreviewed
CVE-2024-22354 was published Apr 17, 2024
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2024-27266 was published Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. High Unreviewed
CVE-2023-50168 was published Mar 14, 2024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x,... High Unreviewed
CVE-2024-22024 was published Feb 13, 2024
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated... High Unreviewed
CVE-2024-24743 was published Feb 13, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-32327 was published Feb 3, 2024
An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions... High Unreviewed
CVE-2023-6280 was published Dec 19, 2023
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with... High Unreviewed
CVE-2023-6721 was published Dec 13, 2023
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML... High Unreviewed
CVE-2023-22274 was published Nov 17, 2023
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2... High Unreviewed
CVE-2023-46590 was published Nov 14, 2023
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and... High Unreviewed
CVE-2023-45727 was published Oct 18, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti... High Unreviewed
CVE-2023-38343 was published Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client... High Unreviewed
CVE-2023-3892 was published Sep 19, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to... High Unreviewed
CVE-2023-40239 was published Sep 1, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given... High Unreviewed
CVE-2023-37497 was published Aug 4, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)... High Unreviewed
CVE-2022-38840 was published Jul 6, 2023
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common... High Unreviewed
CVE-2023-3113 was published Jun 26, 2023
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks.... High Unreviewed
CVE-2022-41221 was published May 24, 2023
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE).... High Unreviewed
CVE-2023-27527 was published May 10, 2023
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when... High Unreviewed
CVE-2023-28009 was published Apr 26, 2023
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ... High Unreviewed
CVE-2023-28008 was published Apr 26, 2023
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing... High Unreviewed
CVE-2023-27876 was published Apr 7, 2023
This vulnerability allows remote attackers to disclose sensitive information on affected... High Unreviewed
CVE-2022-36969 was published Mar 29, 2023
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when... High Unreviewed
CVE-2023-27874 was published Mar 21, 2023
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious... High Unreviewed
CVE-2023-20855 was published Feb 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database