Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,238
Maven
5,000+
npm
3,900
NuGet
701
pip
3,666
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,088 advisories

Loading
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24911 was published Apr 17, 2025
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24910 was published Apr 17, 2025
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update... High Unreviewed
CVE-2016-4264 was published May 13, 2022
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not... Critical Unreviewed
CVE-2015-8866 was published May 14, 2022
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1... Critical Unreviewed
CVE-2016-3974 was published May 13, 2022
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote... Moderate Unreviewed
CVE-2015-2125 was published May 13, 2022
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option... Moderate Unreviewed
CVE-2015-3451 was published May 13, 2022
ibexa/fieldtype-richtext allows access to external entities in XML High
GHSA-cj3w-g42v-wcj6 was published for ibexa/fieldtype-richtext (Composer) Apr 10, 2025
ezsystems/ezplatform-richtext allows access to external entities in XML High
GHSA-2jqj-5qv2-xvcg was published for ezsystems/ezplatform-richtext (Composer) Apr 10, 2025
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A... High Unreviewed
CVE-2023-23595 was published Jan 15, 2023
An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1... Moderate Unreviewed
CVE-2025-32406 was published Apr 8, 2025
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows... Low Unreviewed
CVE-2018-0878 was published May 14, 2022
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps... Moderate Unreviewed
CVE-2025-32138 was published Apr 4, 2025
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
XML external entity vulnerability on agents in Jenkins MSTest Plugin Critical
CVE-2023-24441 was published for org.jvnet.hudson.plugins:mstest (Maven) Jan 26, 2023
tfonfara
PHPExcel vulnerable to XXE attacks through libxml Moderate
CVE-2014-2054 was published for phpoffice/phpexcel (Composer) May 17, 2022
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote... High Unreviewed
CVE-2014-2052 was published May 17, 2022
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX... Moderate Unreviewed
CVE-2023-22322 was published Jan 30, 2023
An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an... Moderate Unreviewed
CVE-2023-49234 was published Mar 29, 2024
Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed
CVE-2022-47873 was published Feb 1, 2023
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). ... Critical Unreviewed
CVE-2024-21082 was published Apr 17, 2024
In JetBrains GoLand before 2025.1 an XXE during debugging was possible Moderate Unreviewed
CVE-2025-29932 was published Mar 25, 2025
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection... High Unreviewed
CVE-2023-24323 was published Feb 9, 2023
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows... Moderate Unreviewed
CVE-2025-25036 was published Mar 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database