Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,160 advisories

Loading
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external... High Unreviewed
CVE-2025-8355 was published Aug 8, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of... High Unreviewed
CVE-2025-54254 was published Aug 5, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of... Moderate Unreviewed
CVE-2025-36608 was published Jul 30, 2025
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE)... Moderate Unreviewed
CVE-2025-26400 was published Jul 29, 2025
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics... High Unreviewed
CVE-2025-54445 was published Jul 23, 2025
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration... High Unreviewed
CVE-2025-7766 was published Jul 23, 2025
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy)... Moderate Unreviewed
CVE-2025-34142 was published Jul 22, 2025
Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity... Moderate Unreviewed
CVE-2025-36603 was published Jul 21, 2025
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects... Moderate Unreviewed
CVE-2025-7824 was published Jul 19, 2025
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML... Moderate Unreviewed
CVE-2025-52162 was published Jul 18, 2025
DSpace is vulnerable to XML External Entity injection during archive imports Moderate
CVE-2025-53621 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
superpegaso2703 kshepherd
tdonohue
Credited to superpegaso2703, kshepherd, and tdonohue
Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build High
CVE-2025-53689 was published for org.apache.jackrabbit:jackrabbit-core (Maven) Jul 14, 2025
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2025-6438 was published Jul 11, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction... Critical Unreviewed
CVE-2025-49535 was published Jul 8, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction... Moderate Unreviewed
CVE-2025-49539 was published Jul 8, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction... Moderate Unreviewed
CVE-2025-49544 was published Jul 8, 2025
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE)... Moderate Unreviewed
CVE-2025-49493 was published Jun 30, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
Credited to DerekHaber and baev
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity... High Unreviewed
CVE-2025-33121 was published Jun 19, 2025
PowSyBl Core XML Reader allows XXE and SSRF Low
CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
AdamKorcz arthurscchan
rolnico olperr1
Credited to AdamKorcz, arthurscchan, rolnico, and olperr1
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external... High Unreviewed
CVE-2025-36049 was published Jun 18, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
Credited to jodygarnett and josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
Credited to xbow-security, YacineF, aaime, and jodygarnett
Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can... High Unreviewed
CVE-2025-44044 was published Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
Credited to lemauanhphong and jodygarnett
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database