Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,143 advisories

Loading
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE)... Moderate Unreviewed
CVE-2025-49493 was published Jun 30, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity... High Unreviewed
CVE-2025-33121 was published Jun 19, 2025
PowSyBl Core XML Reader allows XXE and SSRF Low
CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
AdamKorcz arthurscchan
rolnico olperr1
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external... High Unreviewed
CVE-2025-36049 was published Jun 18, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can... High Unreviewed
CVE-2025-44044 was published Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling Critical
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
aaime jodygarnett
Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon... Critical Unreviewed
CVE-2025-31039 was published Jun 9, 2025
PHPOffice Math allows XXE when processing an XML file in the MathML format High
CVE-2025-48882 was published for phpoffice/math (Composer) May 29, 2025
Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration... Moderate Unreviewed
CVE-2025-4338 was published May 23, 2025
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
Sulu vulnerable to XXE in SVG File upload Inspector Moderate
CVE-2025-47778 was published for sulu/sulu (Composer) May 15, 2025
mcdruid alexander-schranz
ausi
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This... High Unreviewed
CVE-2025-27523 was published May 15, 2025
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference Critical
CVE-2025-4641 was published for io.github.bonigarcia:webdrivermanager (Maven) May 14, 2025
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method... High Unreviewed
CVE-2025-4639 was published May 14, 2025
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All... High Unreviewed
CVE-2024-51445 was published May 13, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated... High Unreviewed
CVE-2025-30018 was published May 13, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2776 was published May 7, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2775 was published May 7, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2777 was published May 7, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... High Unreviewed
CVE-2025-22478 was published May 6, 2025
Langroid Allows XXE Injection via XMLToolMessage High
CVE-2025-46726 was published for langroid (pip) May 5, 2025
SCH227
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database