Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,062 advisories

Loading
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the... Moderate Unreviewed
CVE-2022-22835 was published Mar 11, 2022
Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:... High Unreviewed
CVE-2023-21862 was published Jan 18, 2023
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before... High Unreviewed
CVE-2024-37397 was published Sep 12, 2024
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024
bytehope chinh2597
cavias
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. High Unreviewed
CVE-2023-37233 was published Sep 10, 2024
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and... Moderate Unreviewed
CVE-2024-21796 was published Jan 24, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations Low
GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
uriyay-jfrog joakime
chadlwilson timtebeek
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length... Critical Unreviewed
CVE-2024-45490 was published Aug 30, 2024
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC... High Unreviewed
CVE-2024-22218 was published Aug 15, 2024
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to... High Unreviewed
CVE-2024-38653 was published Aug 14, 2024
ClassGraph XML External Entity Reference Moderate
CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) Jun 21, 2024
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to... High Unreviewed
CVE-2024-6893 was published Aug 8, 2024
Improper restriction of XML external entity references vulnerability exists in FitNesse all... Moderate Unreviewed
CVE-2024-28039 was published Mar 18, 2024
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE)... Moderate Unreviewed
CVE-2024-3930 was published Jul 30, 2024
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML... Critical Unreviewed
CVE-2019-9670 was published May 24, 2022
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External... High Unreviewed
CVE-2023-50304 was published Jul 18, 2024
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics... Moderate Unreviewed
CVE-2024-5625 was published Jul 18, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application ... High Unreviewed
CVE-2023-49110 was published Jun 20, 2024
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2019-1057 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database