GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,107 advisories
Filter by severity
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and...
High
Unreviewed
CVE-2024-49352
was published
Feb 5, 2025
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges...
Moderate
Unreviewed
CVE-2023-27652
was published
Apr 20, 2023
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing...
High
Unreviewed
CVE-2024-54171
was published
Feb 6, 2025
XML External Entity (XXE) Injection in JDOM
High
CVE-2021-33813
was published
for
org.jdom:jdom
(Maven)
Jul 27, 2021
Apache Ivy External Entity Reference vulnerability
High
CVE-2022-46751
was published
for
org.apache.ivy:ivy
(Maven)
Aug 21, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Critical
CVE-2023-49733
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a...
Moderate
Unreviewed
CVE-2024-25066
was published
Feb 17, 2025
This vulnerability allows remote attackers to disclose sensitive information on affected...
High
Unreviewed
CVE-2022-36969
was published
Mar 29, 2023
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to...
High
Unreviewed
CVE-2023-47160
was published
Feb 19, 2025
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity...
High
Unreviewed
CVE-2024-49781
was published
Feb 20, 2025
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can...
Critical
Unreviewed
CVE-2024-40896
was published
Dec 23, 2024
External XML entity injection allows arbitrary download of files. The
score without least...
Moderate
Unreviewed
CVE-2025-24521
was published
Mar 5, 2025
Lucee RCE/XXE Vulnerability
Critical
CVE-2023-38693
was published
for
org.lucee:lucee
(Maven)
Mar 5, 2025
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpexcel
(Composer)
Nov 20, 2019
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpexcel
(Composer)
Aug 29, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpexcel
(Composer)
Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpexcel
(Composer)
Nov 18, 2024
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE...
High
Unreviewed
CVE-2025-0162
was published
Mar 7, 2025
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection
Moderate
GHSA-2466-4485-4pxj
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Moderate
GHSA-v232-254c-m6p7
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Moderate
GHSA-47qw-ccjm-9c2c
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete...
High
Unreviewed
CVE-2018-9375
was published
Jan 18, 2025
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
Moderate
CVE-2015-5319
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API