GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16 advisories
The component accepts XML input through the publisher without disabling external entity...
Low | Unreviewed | CVE-2024-8010 was published Apr 16, 2026
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the...
Low | Unreviewed | CVE-2026-3404 was published Mar 2, 2026
Mustangproject allows exfiltrating files via XXE attacks
Low | CVE-2025-66372 was published for org.mustangproject:library (Maven) Nov 28, 2025
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows ...
Low | Unreviewed | CVE-2025-35112 was published Aug 27, 2025
PowSyBl Core XML Reader allows XXE and SSRF
Low | CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML...
Low | Unreviewed | CVE-2024-42185 was published Jan 23, 2025
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low | CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection...
Low | Unreviewed | CVE-2024-39586 was published Oct 9, 2024
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered...
Low | Unreviewed | CVE-2023-6194 was published Dec 11, 2023
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low | GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files...
Low | Unreviewed | CVE-2012-5656 was published May 17, 2022
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
Low | Unreviewed | CVE-2018-16252 was published May 14, 2022
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows...
Low | Unreviewed | CVE-2018-0878 was published May 14, 2022
XML External Entity in Dashboard Widget
Low | CVE-2020-26229 was published for typo3/cms (Composer) Nov 23, 2020
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Low | CVE-2019-3774 was published for org.springframework.batch:spring-batch-core (Maven) Jan 25, 2019
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Low | CVE-2019-3772 was published for org.springframework.integration:spring-integration-ws (Maven) Jan 25, 2019