Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

347 advisories

Loading
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option... Moderate Unreviewed
CVE-2015-3451 was published May 13, 2022
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote... Moderate Unreviewed
CVE-2015-2125 was published May 13, 2022
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24911 was published Apr 17, 2025
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24910 was published Apr 17, 2025
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file... Moderate Unreviewed
CVE-2017-7457 was published May 17, 2022
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ... Moderate Unreviewed
CVE-2017-3548 was published May 13, 2022
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware... Moderate Unreviewed
CVE-2017-7907 was published May 17, 2022
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager... Moderate Unreviewed
CVE-2017-9295 was published May 17, 2022
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows... Moderate Unreviewed
CVE-2017-11457 was published May 13, 2022
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml... Moderate Unreviewed
CVE-2017-9095 was published May 17, 2022
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access... Moderate Unreviewed
CVE-2017-15639 was published May 17, 2022
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary... Moderate Unreviewed
CVE-2025-2070 was published Apr 25, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An... Moderate Unreviewed
CVE-2025-34490 was published Apr 28, 2025
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) Nov 16, 2022
NotMyFault
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed
CVE-2022-45194 was published Nov 12, 2022
Sulu vulnerable to XXE in SVG File upload Inspector Moderate
CVE-2025-47778 was published for sulu/sulu (Composer) May 15, 2025
mcdruid alexander-schranz
ausi
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it... Moderate Unreviewed
CVE-2019-0948 was published May 24, 2022
Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration... Moderate Unreviewed
CVE-2025-4338 was published May 23, 2025
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture... Moderate Unreviewed
CVE-2024-22380 was published Jan 24, 2024
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03.... Moderate Unreviewed
CVE-2025-1225 was published Feb 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database