Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

515 advisories

Loading
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Credited to mr-zepol and nscuro
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application ... High Unreviewed
CVE-2023-49110 was published Jun 20, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors High
GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) Jun 7, 2024
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML... High Unreviewed
CVE-2023-45192 was published Jun 6, 2024
Symfony XXE security vulnerability High
GHSA-rjpm-qmq7-q85w was published for symfony/routing (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could... High Unreviewed
CVE-2024-3486 was published May 15, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
Credited to jkowalleck
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-44412 was published May 3, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40506 was published May 3, 2024
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40503 was published May 3, 2024
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability.... High Unreviewed
CVE-2023-40507 was published May 3, 2024
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE)... High Unreviewed
CVE-2024-29010 was published May 1, 2024
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... High Unreviewed
CVE-2024-22354 was published Apr 17, 2024
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE)... High Unreviewed
CVE-2024-27266 was published Mar 14, 2024
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. High Unreviewed
CVE-2023-50168 was published Mar 14, 2024
Liferay Portal has an XXE vulnerability in Java2WsddTask._format High
CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) Feb 20, 2024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x,... High Unreviewed
CVE-2024-22024 was published Feb 13, 2024
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated... High Unreviewed
CVE-2024-24743 was published Feb 13, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-32327 was published Feb 3, 2024
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
Credited to acornall
An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions... High Unreviewed
CVE-2023-6280 was published Dec 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database