GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
999 advisories
Filter by severity
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate
CVE-2022-47894
was published
for
org.apache.zeppelin:sap
(Maven)
Apr 9, 2024
fonttools XML External Entity Injection (XXE) Vulnerability
High
CVE-2023-45139
was published
for
fonttools
(pip)
Jan 9, 2024
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE)...
High
Unreviewed
CVE-2024-29010
was published
May 1, 2024
SilverStripe XXE Vulnerability in CSSContentParser
Moderate
CVE-2020-25817
was published
for
silverstripe/framework
(Composer)
May 24, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference
Critical
CVE-2018-14065
was published
for
phpoffice/common
(Composer)
May 14, 2022
getID3 is vulnerable to XML External Entity (XXE)
High
CVE-2014-2053
was published
for
james-heinrich/getid3
(Composer)
May 17, 2022
DotPlant2 Improper Restriction of XML External Entity Reference
High
CVE-2020-25750
was published
for
devgroup/dotplant
(Composer)
May 24, 2022
Apache ActiveMQ Apollo XXE Vulnerability
Critical
CVE-2014-3579
was published
for
org.apache.activemq:apollo-project
(Maven)
May 14, 2022
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...
High
Unreviewed
CVE-2024-22354
was published
Apr 17, 2024
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Remote code execution occurs in Apache Solr
Critical
CVE-2017-12629
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity...
Moderate
Unreviewed
CVE-2023-30951
was published
Aug 4, 2023
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view...
Moderate
Unreviewed
CVE-2023-35786
was published
Jul 5, 2023
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Critical
Unreviewed
CVE-2018-14485
was published
May 24, 2022
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote...
High
Unreviewed
CVE-2018-17169
was published
May 24, 2022
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
High
CVE-2012-4399
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Zend Framework XXE Vulnerability
High
CVE-2012-3363
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack...
Moderate
Unreviewed
CVE-2023-43067
was published
Oct 23, 2023
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and...
High
Unreviewed
CVE-2023-45727
was published
Oct 18, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical
Unreviewed
CVE-2023-45612
was published
Oct 9, 2023
FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external...
Moderate
Unreviewed
CVE-2023-42132
was published
Oct 2, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti...
High
Unreviewed
CVE-2023-38343
was published
Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client...
High
Unreviewed
CVE-2023-3892
was published
Sep 19, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical
Unreviewed
CVE-2023-35892
was published
Sep 5, 2023
ProTip!
Advisories are also available from the
GraphQL API