Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,025 advisories

Loading
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client... High Unreviewed
CVE-2023-3892 was published Sep 19, 2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106... Unknown Unreviewed
CVE-2023-41369 was published Sep 14, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability High
CVE-2023-41933 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin Moderate
CVE-2023-41932 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External... Critical Unreviewed
CVE-2023-35892 was published Sep 5, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to... High Unreviewed
CVE-2023-40239 was published Sep 1, 2023
DDFFileParser is vulnerable to XXE Attacks Moderate
CVE-2023-41034 was published for org.eclipse.leshan:leshan-core (Maven) Aug 31, 2023
JaroslawLegierski
Esoteric YamlBeans XML Entity Expansion vulnerability Moderate
CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no... Critical Unreviewed
CVE-2022-48565 was published Aug 22, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability High
CVE-2023-0871 was published for org.opennms.core:org.opennms.core.xml (Maven) Aug 11, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed
CVE-2023-32567 was published Aug 10, 2023
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,... Moderate Unreviewed
CVE-2020-26064 was published Aug 4, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given... High Unreviewed
CVE-2023-37497 was published Aug 4, 2023
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity... Moderate Unreviewed
CVE-2023-30951 was published Aug 4, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity... Critical Unreviewed
CVE-2023-37364 was published Aug 3, 2023
XML External Entity (XXE) vulnerability in the XML data handler Moderate
CVE-2023-38490 was published for getkirby/cms (Composer) Jul 28, 2023
noraj dapatrese
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE... Moderate Unreviewed
CVE-2023-32639 was published Jul 25, 2023
XBRL data create application version 7.0 and earlier improperly restricts XML external entity... Moderate Unreviewed
CVE-2023-32635 was published Jul 19, 2023
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of... Critical Unreviewed
CVE-2023-20918 was published Jul 13, 2023
Jenkins External Monitor Job Type Plugin XML external entity vulnerability Moderate
CVE-2023-37942 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) Jul 12, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2023-37200 was published Jul 12, 2023
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations Low
GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
uriyay-jfrog joakime
chadlwilson timtebeek
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2023-2161 was published Jul 6, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)... High Unreviewed
CVE-2022-38840 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database