GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 29,884
Composer 5,732
Erlang 50
GitHub Actions 50
Go 3,679
Maven 6,480
npm 6,010
NuGet 932
pip 4,911
Pub 13
RubyGems 1,053
Rust 1,318
Swift 53

Unreviewed advisories

All unreviewed 300,844

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

835 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP... Critical Unreviewed

CVE-2026-40682 was published May 4, 2026

Improper restriction of XML external entity reference vulnerability in ILM Informatique... Moderate Unreviewed

CVE-2026-6501 was published May 4, 2026

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4... High Unreviewed

CVE-2026-36765 was published Apr 30, 2026

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core... High Unreviewed

CVE-2025-14543 was published Apr 30, 2026

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro... High Unreviewed

CVE-2024-13971 was published Apr 30, 2026

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP... High Unreviewed

CVE-2024-39847 was published Apr 30, 2026

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling... Moderate Unreviewed

CVE-2026-6807 was published Apr 28, 2026

The component accepts XML input through the publisher without disabling external entity... Low Unreviewed

CVE-2024-8010 was published Apr 16, 2026

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly... High Unreviewed

CVE-2024-2374 was published Apr 16, 2026

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ... High Unreviewed

CVE-2026-4374 was published Apr 1, 2026

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload... High Unreviewed

CVE-2026-29924 was published Mar 30, 2026

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before... Moderate Unreviewed

CVE-2026-4980 was published Mar 27, 2026

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE)... Moderate Unreviewed

CVE-2026-33371 was published Mar 20, 2026

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko... High Unreviewed

CVE-2026-3511 was published Mar 19, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE)... High Unreviewed

CVE-2026-1567 was published Mar 3, 2026

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the... Low Unreviewed

CVE-2026-3404 was published Mar 2, 2026

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request... High Unreviewed

CVE-2026-2252 was published Feb 27, 2026

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... High Unreviewed

CVE-2025-36247 was published Feb 17, 2026

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows... Moderate Unreviewed

CVE-2020-37192 was published Feb 11, 2026

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... High Unreviewed

CVE-2026-1227 was published Feb 11, 2026

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file ... Moderate Unreviewed

CVE-2026-2074 was published Feb 7, 2026

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7... High Unreviewed

CVE-2026-21569 was published Jan 28, 2026

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE)... High Unreviewed

CVE-2025-14478 was published Jan 17, 2026

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that... High Unreviewed

CVE-2022-50899 was published Jan 14, 2026

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco... Moderate Unreviewed

CVE-2026-20029 was published Jan 7, 2026

Previous1…34 Next

Previous 1 2 3 4 5 … 33 34 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

835 advisories