GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,212 advisories
Grav is Vulnerable to XXE via SVG Upload
Moderate | GHSA-3446-6mgw-f79p was published for getgrav/grav (Composer) | May 5, 2026

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP...
Critical | Unreviewed | CVE-2026-40682 was published | May 4, 2026

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP...
High | Unreviewed | CVE-2024-39847 was published | Apr 30, 2026

changedetection.io project has an XXE vulnerability
High | CVE-2026-41895 was published for changedetection.io (pip) | May 4, 2026

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4...
High | Unreviewed | CVE-2026-36765 was published | Apr 30, 2026

Improper restriction of XML external entity reference vulnerability in ILM Informatique...
Moderate | Unreviewed | CVE-2026-6501 was published | May 4, 2026

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core...
High | Unreviewed | CVE-2025-14543 was published | Apr 30, 2026

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro...
High | Unreviewed | CVE-2024-13971 was published | Apr 30, 2026

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling...
Moderate | Unreviewed | CVE-2026-6807 was published | Apr 28, 2026

lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
High | CVE-2026-41066 was published for lxml (pip) | Apr 21, 2026

OpenRemote has XXE in Velbus Asset Import
High | CVE-2026-40882 was published for io.openremote:openremote-manager (Maven) | Apr 15, 2026

Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez
Moderate | CVE-2025-68463 was published for biopython (pip) | Dec 18, 2025

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ...
High | Unreviewed | CVE-2026-4374 was published | Apr 1, 2026

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability
High | CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) | Apr 14, 2026

Improper Restriction of XML External Entity Reference in Castor
Moderate | CVE-2014-3004 was published for castor:castor (Maven) | May 13, 2022

The component accepts XML input through the publisher without disabling external entity...
Low | Unreviewed | CVE-2024-8010 was published | Apr 16, 2026

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly...
High | Unreviewed | CVE-2024-2374 was published | Apr 16, 2026

corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Critical | CVE-2022-0239 was published for edu.stanford.nlp:stanford-corenlp (Maven) | Jan 21, 2022

esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages
Moderate | CVE-2026-28809 was published for esaml (Erlang) | Mar 23, 2026

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor...
Moderate | Unreviewed | CVE-2024-50442 was published | Oct 28, 2024

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload...
High | Unreviewed | CVE-2026-29924 was published | Mar 30, 2026

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before...
Moderate | Unreviewed | CVE-2026-4980 was published | Mar 27, 2026

Liferay Portal has an XXE vulnerability in Java2WsddTask._format
High | CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) | Feb 20, 2024

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE)...
Moderate | Unreviewed | CVE-2026-33371 was published | Mar 20, 2026

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files...
Low | Unreviewed | CVE-2012-5656 was published | May 17, 2022