GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
702 advisories
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical | Unreviewed | CVE-2023-45612 was published Oct 9, 2023
FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external...
Moderate | Unreviewed | CVE-2023-42132 was published Oct 2, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti...
High | Unreviewed | CVE-2023-38343 was published Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client...
High | Unreviewed | CVE-2023-3892 was published Sep 19, 2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106...
Unknown | Unreviewed | CVE-2023-41369 was published Sep 14, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical | Unreviewed | CVE-2023-35892 was published Sep 5, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to...
High | Unreviewed | CVE-2023-40239 was published Sep 1, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no...
Critical | Unreviewed | CVE-2022-48565 was published Aug 22, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.
Critical | Unreviewed | CVE-2023-32567 was published Aug 10, 2023
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,...
Moderate | Unreviewed | CVE-2020-26064 was published Aug 4, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given...
High | Unreviewed | CVE-2023-37497 was published Aug 4, 2023
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity...
Moderate | Unreviewed | CVE-2023-30951 was published Aug 4, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical | Unreviewed | CVE-2023-37364 was published Aug 3, 2023
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE...
Moderate | Unreviewed | CVE-2023-32639 was published Jul 25, 2023
XBRL data create application version 7.0 and earlier improperly restricts XML external entity...
Moderate | Unreviewed | CVE-2023-32635 was published Jul 19, 2023
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of...
Critical | Unreviewed | CVE-2023-20918 was published Jul 13, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
Moderate | Unreviewed | CVE-2023-37200 was published Jul 12, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could...
Moderate | Unreviewed | CVE-2023-2161 was published Jul 6, 2023
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE)...
High | Unreviewed | CVE-2022-38840 was published Jul 6, 2023
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view...
Moderate | Unreviewed | CVE-2023-35786 was published Jul 5, 2023
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common...
High | Unreviewed | CVE-2023-3113 was published Jun 26, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Critical | Unreviewed | CVE-2023-24470 was published Jun 14, 2023
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC...
Moderate | Unreviewed | CVE-2023-29498 was published Jun 13, 2023
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can...
Moderate | Unreviewed | CVE-2023-32706 was published Jun 1, 2023
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks....
High | Unreviewed | CVE-2022-41221 was published May 24, 2023
ProTip! Advisories are also available from the GraphQL API.