Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,679
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,911
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

539 advisories

Loading
changedetection.io project has an XXE vulnerability High
CVE-2026-41895 was published for changedetection.io (pip) May 4, 2026
FORIMOC Credited to FORIMOC
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4... High Unreviewed
CVE-2026-36765 was published Apr 30, 2026
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core... High Unreviewed
CVE-2025-14543 was published Apr 30, 2026
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro... High Unreviewed
CVE-2024-13971 was published Apr 30, 2026
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP... High Unreviewed
CVE-2024-39847 was published Apr 30, 2026
lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files High
CVE-2026-41066 was published for lxml (pip) Apr 21, 2026
Brubbish Credited to Brubbish
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly... High Unreviewed
CVE-2024-2374 was published Apr 16, 2026
OpenRemote has XXE in Velbus Asset Import High
CVE-2026-40882 was published for io.openremote:openremote-manager (Maven) Apr 15, 2026
KKC73 Credited to KKC73
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability High
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ... High Unreviewed
CVE-2026-4374 was published Apr 1, 2026
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload... High Unreviewed
CVE-2026-29924 was published Mar 30, 2026
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko... High Unreviewed
CVE-2026-3511 was published Mar 19, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE)... High Unreviewed
CVE-2026-1567 was published Mar 3, 2026
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request... High Unreviewed
CVE-2026-2252 was published Feb 27, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... High Unreviewed
CVE-2025-36247 was published Feb 17, 2026
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... High Unreviewed
CVE-2026-1227 was published Feb 11, 2026
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7... High Unreviewed
CVE-2026-21569 was published Jan 28, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 Credited to wxt201 and scordio scordio scordio
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE)... High Unreviewed
CVE-2025-14478 was published Jan 17, 2026
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that... High Unreviewed
CVE-2022-50899 was published Jan 14, 2026
Apache Struts 2 is Missing XML Validation High
CVE-2025-68493 was published for com.opensymphony:xwork (Maven) Jan 11, 2026
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML... High Unreviewed
CVE-2025-36589 was published Jan 6, 2026
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the... High Unreviewed
CVE-2019-25253 was published Dec 24, 2025
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity ... High Unreviewed
CVE-2018-25142 was published Dec 24, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... High Unreviewed
CVE-2025-61813 was published Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database