Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,106 advisories

Loading
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business... Moderate Unreviewed
CVE-2024-21048 was published Apr 17, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length... Critical Unreviewed
CVE-2024-45490 was published Aug 30, 2024
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection Moderate
CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of... Moderate Unreviewed
CVE-2018-9379 was published Jan 18, 2025
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:... High Unreviewed
CVE-2024-21255 was published Oct 15, 2024
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI Moderate
CVE-2015-5319 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete... High Unreviewed
CVE-2018-9375 was published Jan 18, 2025
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-47qw-ccjm-9c2c was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API Moderate
GHSA-v232-254c-m6p7 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-2466-4485-4pxj was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE... High Unreviewed
CVE-2025-0162 was published Mar 7, 2025
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-48917 was published for phpoffice/phpexcel (Composer) Nov 18, 2024
antoniospataro Antonio-R1
XmlScanner bypass leads to XXE High
CVE-2024-47873 was published for phpoffice/phpexcel (Composer) Nov 18, 2024
Antonio-R1 antoniospataro
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-45293 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
0xshade ixSly
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
bytehope chinh2597
cavias
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpexcel (Composer) Nov 20, 2019
MarkLee131
Lucee RCE/XXE Vulnerability Critical
CVE-2023-38693 was published for org.lucee:lucee (Maven) Mar 5, 2025
rootxharsh zspitzer
External XML entity injection allows arbitrary download of files. The score without least... Moderate Unreviewed
CVE-2025-24521 was published Mar 5, 2025
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can... Critical Unreviewed
CVE-2024-40896 was published Dec 23, 2024
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity... High Unreviewed
CVE-2024-49781 was published Feb 20, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to... High Unreviewed
CVE-2023-47160 was published Feb 19, 2025
This vulnerability allows remote attackers to disclose sensitive information on affected... High Unreviewed
CVE-2022-36969 was published Mar 29, 2023
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a... Moderate Unreviewed
CVE-2024-25066 was published Feb 17, 2025
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database