Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,692
Erlang
34
GitHub Actions
27
Go
2,279
Maven
5,000+
npm
3,931
NuGet
708
pip
3,699
Pub
12
RubyGems
919
Rust
957
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,100 advisories

Loading
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia... Critical Unreviewed
CVE-2025-4641 was published May 14, 2025
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method... High Unreviewed
CVE-2025-4639 was published May 14, 2025
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All... High Unreviewed
CVE-2024-51445 was published May 13, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated... High Unreviewed
CVE-2025-30018 was published May 13, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2775 was published May 7, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2776 was published May 7, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2777 was published May 7, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... High Unreviewed
CVE-2025-22478 was published May 6, 2025
Langroid Allows XXE Injection via XMLToolMessage High
CVE-2025-46726 was published for langroid (pip) May 5, 2025
SCH227
WSO2 API Manager XML External Entity (XXE) vulnerability Critical
CVE-2025-2905 was published for org.wso2.am:am-distribution-parent (Maven) May 5, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An... Moderate Unreviewed
CVE-2025-34490 was published Apr 28, 2025
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary... Moderate Unreviewed
CVE-2025-2070 was published Apr 25, 2025
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24910 was published Apr 17, 2025
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24911 was published Apr 17, 2025
ibexa/fieldtype-richtext allows access to external entities in XML High
GHSA-cj3w-g42v-wcj6 was published for ibexa/fieldtype-richtext (Composer) Apr 10, 2025
ezsystems/ezplatform-richtext allows access to external entities in XML High
GHSA-2jqj-5qv2-xvcg was published for ezsystems/ezplatform-richtext (Composer) Apr 10, 2025
An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1... Moderate Unreviewed
CVE-2025-32406 was published Apr 8, 2025
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps... Moderate Unreviewed
CVE-2025-32138 was published Apr 4, 2025
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
In JetBrains GoLand before 2025.1 an XXE during debugging was possible Moderate Unreviewed
CVE-2025-29932 was published Mar 25, 2025
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows... Moderate Unreviewed
CVE-2025-25036 was published Mar 21, 2025
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-47qw-ccjm-9c2c was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API Moderate
GHSA-v232-254c-m6p7 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-2466-4485-4pxj was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection Moderate
CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database