Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

474 advisories

Loading
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an... High Unreviewed
CVE-2025-23195 was published Jan 22, 2025
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete... High Unreviewed
CVE-2018-9375 was published Jan 18, 2025
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... High Unreviewed
CVE-2024-12476 was published Jan 17, 2025
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML... High Unreviewed
CVE-2024-46602 was published Jan 7, 2025
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
00xc
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder... High Unreviewed
CVE-2024-46603 was published Jan 7, 2025
Ucum-java has an XXE vulnerability in XML parsing High
CVE-2024-55887 was published for org.fhir:ucum (Maven) Dec 13, 2024
SimpleSAMLphp xml-common XXE vulnerability High
CVE-2024-52596 was published for simplesamlphp/xml-common (Composer) Dec 2, 2024
ahacker1-securesaml
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53675 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53674 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-11622 was published Nov 27, 2024
Liferay Portal has an XXE vulnerability in Java2WsddTask._format High
CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) Feb 20, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages High
GHSA-j5g2-q29x-cw3h was published for simplesamlphp/simplesamlphp (Composer) Dec 2, 2024 withdrawn
ahacker1-securesaml
Possible XML External Entity Injection in iManager GET parameter has been discovered in... High Unreviewed
CVE-2023-24466 was published Nov 22, 2024
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
untangle vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-31471 was published for untangle (pip) Aug 6, 2022
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-48917 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
antoniospataro Antonio-R1
XmlScanner bypass leads to XXE High
CVE-2024-47873 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
Antonio-R1 antoniospataro
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection High
CVE-2023-26043 was published for GeoNode (pip) Aug 30, 2024
jorgectf
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
XML External Entity vulnerability in Easy-XML High
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an... High Unreviewed
CVE-2024-39726 was published Nov 15, 2024
Kimai has an XXE Leading to Local File Read High
GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) Sep 17, 2024
ixSly
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
soaringlion
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database