GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
347 advisories
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate: CVE-2024-52806 was published for simplesamlphp/saml2 (Composer) Dec 2, 2024

Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations...
Moderate (Unreviewed): CVE-2021-22501 was published Dec 19, 2024

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE...
Moderate (Unreviewed): CVE-2024-56356 was published Dec 20, 2024

We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB...
Moderate (Unreviewed): CVE-2024-12298 was published Jan 14, 2025

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML...
Moderate (Unreviewed): CVE-2016-9563 was published Apr 30, 2022

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS...
Moderate (Unreviewed): CVE-2024-5919 was published Nov 14, 2024

Apache Ambari XML External Entity injection
Moderate: CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges...
Moderate (Unreviewed): CVE-2023-27652 was published Apr 20, 2023

RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a...
Moderate (Unreviewed): CVE-2024-25066 was published Feb 17, 2025

External XML entity injection allows arbitrary download of files. The score without least...
Moderate (Unreviewed): CVE-2025-24521 was published Mar 5, 2025

LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection
Moderate: GHSA-2466-4485-4pxj was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025

LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Moderate: GHSA-v232-254c-m6p7 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025

LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Moderate: GHSA-47qw-ccjm-9c2c was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025

Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
Moderate: CVE-2015-5319 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of...
Moderate (Unreviewed): CVE-2018-9379 was published Jan 18, 2025

LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Moderate: CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business...
Moderate (Unreviewed): CVE-2024-21048 was published Apr 17, 2024

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows...
Moderate (Unreviewed): CVE-2025-25036 was published Mar 21, 2025

In JetBrains GoLand before 2025.1 an XXE during debugging was possible
Moderate (Unreviewed): CVE-2025-29932 was published Mar 25, 2025

An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an...
Moderate (Unreviewed): CVE-2023-49234 was published Mar 29, 2024

Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX...
Moderate (Unreviewed): CVE-2023-22322 was published Jan 30, 2023

PHPExcel vulnerable to XXE attacks through libxml
Moderate: CVE-2014-2054 was published for phpoffice/phpexcel (Composer) May 17, 2022

Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps...
Moderate (Unreviewed): CVE-2025-32138 was published Apr 4, 2025

OpenStack Swift XML external entities (XXE) Injection
Moderate: CVE-2022-47950 was published for swift (pip) Jan 18, 2023

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1...
Moderate (Unreviewed): CVE-2025-32406 was published Apr 8, 2025