GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,835
Composer 4,870
Erlang 36
GitHub Actions 36
Go 2,493
Maven 5,926
npm 4,126
NuGet 735
pip 3,943
Pub 12
RubyGems 945
Rust 1,021
Swift 39

Unreviewed advisories

All unreviewed 269,159

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

172 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect... Critical Unreviewed

CVE-2025-10183 was published Sep 9, 2025

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction... Critical Unreviewed

CVE-2025-49535 was published Jul 8, 2025

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code... Critical Unreviewed

CVE-2023-26999 was published Jan 9, 2024

Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon... Critical Unreviewed

CVE-2025-31039 was published Jun 9, 2025

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external... Critical Unreviewed

CVE-2023-28152 was published Mar 24, 2023

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML... Critical Unreviewed

CVE-2023-28151 was published Mar 24, 2023

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external... Critical Unreviewed

CVE-2023-28150 was published Mar 25, 2023

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed

CVE-2025-2776 was published May 7, 2025

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed

CVE-2025-2775 was published May 7, 2025

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed

CVE-2025-2777 was published May 7, 2025

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2... Critical Unreviewed

CVE-2014-3630 was published May 13, 2022

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML... Critical Unreviewed

CVE-2014-0030 was published May 14, 2022

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Critical Unreviewed

CVE-2015-7241 was published May 14, 2022

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE)... Critical Unreviewed

CVE-2016-6256 was published May 14, 2022

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data... Critical Unreviewed

CVE-2017-6895 was published May 17, 2022

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed

CVE-2015-8866 was published May 14, 2022

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1... Critical Unreviewed

CVE-2016-3974 was published May 13, 2022

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed

CVE-2022-47873 was published Feb 1, 2023

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). ... Critical Unreviewed

CVE-2024-21082 was published Apr 17, 2024

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length... Critical Unreviewed

CVE-2024-45490 was published Aug 30, 2024

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can... Critical Unreviewed

CVE-2024-40896 was published Dec 23, 2024

An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB... Critical Unreviewed

CVE-2024-55081 was published Dec 19, 2024

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed

CVE-2024-10218 was published Nov 12, 2024

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to... Critical Unreviewed

CVE-2024-51136 was published Nov 4, 2024

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of... Critical Unreviewed

CVE-2023-20918 was published Jul 13, 2023

Previous1…7 Next

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

172 advisories