Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,062 advisories

Loading
SimpleSAMLphp xml-common XXE vulnerability High
CVE-2024-52596 was published for simplesamlphp/xml-common (Composer) Dec 2, 2024
ahacker1-securesaml
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53674 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53675 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-11622 was published Nov 27, 2024
Microsoft SharePoint Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-49064 was published Dec 12, 2024
Liferay Portal has an XXE vulnerability in Java2WsddTask._format High
CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) Feb 20, 2024
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default... Moderate Unreviewed
CVE-2024-8602 was published Oct 14, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and... Moderate Unreviewed
CVE-2024-49535 was published Dec 10, 2024
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 ... Moderate Unreviewed
CVE-2024-54005 was published Dec 10, 2024
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 ... Moderate Unreviewed
CVE-2024-49704 was published Dec 10, 2024
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to... Moderate Unreviewed
CVE-2024-47582 was published Dec 10, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages High
GHSA-j5g2-q29x-cw3h was published for simplesamlphp/simplesamlphp (Composer) Dec 2, 2024 withdrawn
ahacker1-securesaml
Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability. Moderate Unreviewed
CVE-2024-40075 was published Jul 22, 2024
A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1... Moderate Unreviewed
CVE-2024-9044 was published Nov 29, 2024
Possible XML External Entity Injection in iManager GET parameter has been discovered in... High Unreviewed
CVE-2023-24466 was published Nov 22, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10218 was published Nov 12, 2024
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import... Moderate Unreviewed
CVE-2024-50848 was published Nov 18, 2024
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
untangle vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-31471 was published for untangle (pip) Aug 6, 2022
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-48917 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
antoniospataro Antonio-R1
Improper Restriction of XML External Entity Reference in dompdf/dompdf Critical
CVE-2021-3902 was published for dompdf/dompdf (Composer) Nov 15, 2024
XmlScanner bypass leads to XXE High
CVE-2024-47873 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
Antonio-R1 antoniospataro
A vulnerability in the web UI of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated,... Moderate Unreviewed
CVE-2020-26066 was published Nov 18, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection High
CVE-2023-26043 was published for GeoNode (pip) Aug 30, 2024
jorgectf
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database