Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,679
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,902
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,212 advisories

Loading
Grav is Vulnerable to XXE via SVG Upload Moderate
GHSA-3446-6mgw-f79p was published for getgrav/grav (Composer) May 5, 2026
changedetection.io project has an XXE vulnerability High
CVE-2026-41895 was published for changedetection.io (pip) May 4, 2026
FORIMOC Credited to FORIMOC
XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP... Critical Unreviewed
CVE-2026-40682 was published May 4, 2026
Improper restriction of XML external entity reference vulnerability in ILM Informatique... Moderate Unreviewed
CVE-2026-6501 was published May 4, 2026
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4... High Unreviewed
CVE-2026-36765 was published Apr 30, 2026
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core... High Unreviewed
CVE-2025-14543 was published Apr 30, 2026
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro... High Unreviewed
CVE-2024-13971 was published Apr 30, 2026
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP... High Unreviewed
CVE-2024-39847 was published Apr 30, 2026
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling... Moderate Unreviewed
CVE-2026-6807 was published Apr 28, 2026
lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files High
CVE-2026-41066 was published for lxml (pip) Apr 21, 2026
Brubbish Credited to Brubbish
The component accepts XML input through the publisher without disabling external entity... Low Unreviewed
CVE-2024-8010 was published Apr 16, 2026
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly... High Unreviewed
CVE-2024-2374 was published Apr 16, 2026
OpenRemote has XXE in Velbus Asset Import High
CVE-2026-40882 was published for io.openremote:openremote-manager (Maven) Apr 15, 2026
KKC73 Credited to KKC73
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability High
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ... High Unreviewed
CVE-2026-4374 was published Apr 1, 2026
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload... High Unreviewed
CVE-2026-29924 was published Mar 30, 2026
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before... Moderate Unreviewed
CVE-2026-4980 was published Mar 27, 2026
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages Moderate
CVE-2026-28809 was published for esaml (Erlang) Mar 23, 2026
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE)... Moderate Unreviewed
CVE-2026-33371 was published Mar 20, 2026
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko... High Unreviewed
CVE-2026-3511 was published Mar 19, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE)... High Unreviewed
CVE-2026-1567 was published Mar 3, 2026
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3404 was published Mar 2, 2026
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request... High Unreviewed
CVE-2026-2252 was published Feb 27, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... High Unreviewed
CVE-2025-36247 was published Feb 17, 2026
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows... Moderate Unreviewed
CVE-2020-37192 was published Feb 11, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database