GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
308 advisories
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML...
High | Unreviewed | CVE-2023-22274 was published Nov 17, 2023

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2...
High | Unreviewed | CVE-2023-46590 was published Nov 14, 2023

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and...
High | Unreviewed | CVE-2023-45727 was published Oct 18, 2023

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti...
High | Unreviewed | CVE-2023-38343 was published Sep 21, 2023

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client...
High | Unreviewed | CVE-2023-3892 was published Sep 19, 2023

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to...
High | Unreviewed | CVE-2023-40239 was published Sep 1, 2023

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given...
High | Unreviewed | CVE-2023-37497 was published Aug 4, 2023

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)...
High | Unreviewed | CVE-2022-38840 was published Jul 6, 2023

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common...
High | Unreviewed | CVE-2023-3113 was published Jun 26, 2023

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks....
High | Unreviewed | CVE-2022-41221 was published May 24, 2023

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE)....
High | Unreviewed | CVE-2023-27527 was published May 10, 2023

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection ...
High | Unreviewed | CVE-2023-28008 was published Apr 26, 2023

HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when...
High | Unreviewed | CVE-2023-28009 was published Apr 26, 2023

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing...
High | Unreviewed | CVE-2023-27876 was published Apr 7, 2023

This vulnerability allows remote attackers to disclose sensitive information on affected...
High | Unreviewed | CVE-2022-36969 was published Mar 29, 2023

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when...
High | Unreviewed | CVE-2023-27874 was published Mar 21, 2023

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious...
High | Unreviewed | CVE-2023-20855 was published Feb 22, 2023

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the...
High | Unreviewed | CVE-2021-33950 was published Feb 17, 2023

Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection...
High | Unreviewed | CVE-2023-24323 was published Feb 9, 2023

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:...
High | Unreviewed | CVE-2023-21862 was published Jan 18, 2023

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
High | Unreviewed | CVE-2023-22624 was published Jan 17, 2023

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A...
High | Unreviewed | CVE-2023-23595 was published Jan 15, 2023

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec...
High | Unreviewed | CVE-2022-25628 was published Dec 21, 2022

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote...
High | Unreviewed | CVE-2022-47514 was published Dec 18, 2022

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can...
High | Unreviewed | CVE-2022-40304 was published Nov 23, 2022
ProTip! Advisories are also available from the GraphQL API.