GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,144
Composer 4,333
Erlang 31
GitHub Actions 22
Go 2,095
Maven 5,265
npm 3,760
NuGet 678
pip 3,446
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,536

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

730 advisories

Filter by severity

Sort by

Least recently updated

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and... High Unreviewed

CVE-2023-45727 was published Oct 18, 2023

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed

CVE-2022-32755 was published Oct 14, 2023

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details... Moderate Unreviewed

CVE-2023-41365 was published Oct 10, 2023

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was... Critical Unreviewed

CVE-2023-45612 was published Oct 9, 2023

FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external... Moderate Unreviewed

CVE-2023-42132 was published Oct 2, 2023

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti... High Unreviewed

CVE-2023-38343 was published Sep 21, 2023

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client... High Unreviewed

CVE-2023-3892 was published Sep 19, 2023

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106... Unknown Unreviewed

CVE-2023-41369 was published Sep 14, 2023

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External... Critical Unreviewed

CVE-2023-35892 was published Sep 5, 2023

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to... High Unreviewed

CVE-2023-40239 was published Sep 1, 2023

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no... Critical Unreviewed

CVE-2022-48565 was published Aug 22, 2023

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed

CVE-2023-32567 was published Aug 10, 2023

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,... Moderate Unreviewed

CVE-2020-26064 was published Aug 4, 2023

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given... High Unreviewed

CVE-2023-37497 was published Aug 4, 2023

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity... Moderate Unreviewed

CVE-2023-30951 was published Aug 4, 2023

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity... Critical Unreviewed

CVE-2023-37364 was published Aug 3, 2023

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE... Moderate Unreviewed

CVE-2023-32639 was published Jul 25, 2023

XBRL data create application version 7.0 and earlier improperly restricts XML external entity... Moderate Unreviewed

CVE-2023-32635 was published Jul 19, 2023

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of... Critical Unreviewed

CVE-2023-20918 was published Jul 13, 2023

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed

CVE-2023-37200 was published Jul 12, 2023

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed

CVE-2023-2161 was published Jul 6, 2023

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)... High Unreviewed

CVE-2022-38840 was published Jul 6, 2023

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view... Moderate Unreviewed

CVE-2023-35786 was published Jul 5, 2023

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common... High Unreviewed

CVE-2023-3113 was published Jun 26, 2023

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Critical Unreviewed

CVE-2023-24470 was published Jun 14, 2023

Previous 1 2 3 4 5 6 7 … 29 30 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

730 advisories