GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML...
Moderate
Unreviewed
CVE-2024-45745
was published
Sep 27, 2024
Kimai has an XXE Leading to Local File Read
Moderate
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
Moderate
CVE-2023-26043
was published
for
GeoNode
(pip)
Aug 30, 2024
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE)...
Moderate
Unreviewed
CVE-2024-3930
was published
Jul 30, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2024-6961
was published
for
guardrails-ai
(pip)
Jul 21, 2024
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics...
Moderate
Unreviewed
CVE-2024-5625
was published
Jul 18, 2024
ClassGraph XML External Entity Reference
Moderate
CVE-2021-47621
was published
for
io.github.classgraph:classgraph
(Maven)
Jun 21, 2024
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1...
Moderate
Unreviewed
CVE-2024-4357
was published
May 15, 2024
Microsoft SharePoint Server Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-30043
was published
May 14, 2024
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-51602
was published
May 3, 2024
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-51604
was published
May 3, 2024
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-51600
was published
May 3, 2024
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-51601
was published
May 3, 2024
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-51605
was published
May 3, 2024
Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-51591
was published
May 3, 2024
Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure...
Moderate
Unreviewed
CVE-2023-42035
was published
May 3, 2024
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information...
Moderate
Unreviewed
CVE-2023-39472
was published
May 3, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate
CVE-2022-47894
was published
for
org.apache.zeppelin:sap
(Maven)
Apr 9, 2024
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection...
Moderate
Unreviewed
CVE-2024-25971
was published
Mar 28, 2024
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
Moderate
Unreviewed
CVE-2024-31139
was published
Mar 28, 2024
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This...
Moderate
Unreviewed
CVE-2024-2826
was published
Mar 22, 2024
Improper restriction of XML external entity references vulnerability exists in FitNesse all...
Moderate
Unreviewed
CVE-2024-28039
was published
Mar 18, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an...
Moderate
Unreviewed
CVE-2023-25926
was published
Feb 29, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
Moderate
Unreviewed
CVE-2023-52239
was published
Feb 6, 2024
ProTip!
Advisories are also available from the
GraphQL API