GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 29,884
Composer 5,732
Erlang 50
GitHub Actions 50
Go 3,679
Maven 6,480
npm 6,010
NuGet 932
pip 4,911
Pub 13
RubyGems 1,053
Rust 1,318
Swift 53

Unreviewed advisories

All unreviewed 300,844

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

389 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Grav is Vulnerable to XXE via SVG Upload Moderate

GHSA-3446-6mgw-f79p was published for getgrav/grav (Composer) May 5, 2026

Improper restriction of XML external entity reference vulnerability in ILM Informatique... Moderate Unreviewed

CVE-2026-6501 was published May 4, 2026

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling... Moderate Unreviewed

CVE-2026-6807 was published Apr 28, 2026

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before... Moderate Unreviewed

CVE-2026-4980 was published Mar 27, 2026

esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages Moderate

CVE-2026-28809 was published for esaml (Erlang) Mar 23, 2026

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE)... Moderate Unreviewed

CVE-2026-33371 was published Mar 20, 2026

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows... Moderate Unreviewed

CVE-2020-37192 was published Feb 11, 2026

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file ... Moderate Unreviewed

CVE-2026-2074 was published Feb 7, 2026

Apache Syncope: Console XXE on Keymaster parameters Moderate

CVE-2026-23795 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-console (Maven) Feb 3, 2026

Bio-Formats has an XML External Entity (XXE) vulnerability Moderate

CVE-2026-22186 was published for ome:pom-bio-formats (Maven) Jan 7, 2026

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco... Moderate Unreviewed

CVE-2026-20029 was published Jan 7, 2026

Apache SIS has Improper Restriction of XML External Entity Reference vulnerability Moderate

CVE-2025-68280 was published for org.apache.sis.core:sis-metadata (Maven) Jan 5, 2026

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow... Moderate Unreviewed

CVE-2024-58335 was published Dec 24, 2025

Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez Moderate

CVE-2025-68463 was published for biopython (pip) Dec 18, 2025

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... Moderate Unreviewed

CVE-2025-61823 was published Dec 10, 2025

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... Moderate Unreviewed

CVE-2025-61821 was published Dec 10, 2025

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD... Moderate Unreviewed

CVE-2025-66370 was published Nov 28, 2025

Peppol-py is vulnerable to XXE attacks due to Saxon configuration Moderate

CVE-2025-66371 was published for peppol_py (pip) Nov 28, 2025

WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks Moderate

CVE-2025-10713 was published for org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) Nov 5, 2025

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... Moderate Unreviewed

CVE-2025-46425 was published Oct 24, 2025

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of... Moderate Unreviewed

CVE-2025-11341 was published Oct 6, 2025

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions... Moderate Unreviewed

CVE-2025-20369 was published Oct 1, 2025

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is... Moderate Unreviewed

CVE-2025-11140 was published Sep 29, 2025

A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of... Moderate Unreviewed

CVE-2025-11035 was published Sep 26, 2025

A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file ... Moderate Unreviewed

CVE-2025-10816 was published Sep 23, 2025

Previous1…16 Next

Previous 1 2 3 4 5 … 15 16 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

389 advisories