Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,065 advisories

Loading
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated... High Unreviewed
CVE-2024-24743 was published Feb 13, 2024
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. Moderate Unreviewed
CVE-2023-52239 was published Feb 6, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-32327 was published Feb 3, 2024
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can... Moderate Unreviewed
CVE-2024-1167 was published Feb 1, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on... Moderate Unreviewed
CVE-2023-4554 was published Jan 29, 2024
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture... Moderate Unreviewed
CVE-2024-22380 was published Jan 24, 2024
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check... Moderate Unreviewed
CVE-2024-21765 was published Jan 24, 2024
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and... Moderate Unreviewed
CVE-2024-21796 was published Jan 24, 2024
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to... Moderate Unreviewed
CVE-2024-23525 was published Jan 18, 2024
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
Qualys Jenkins Plugin for WAS XML External Entity vulnerability Moderate
CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability Moderate
CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-26999 was published Jan 9, 2024
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a... Critical Unreviewed
CVE-2023-52252 was published Dec 30, 2023
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or... Moderate Unreviewed
CVE-2023-46265 was published Dec 19, 2023
An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions... High Unreviewed
CVE-2023-6280 was published Dec 19, 2023
WSO2 products vulnerable to XML External Entity attack Moderate
CVE-2023-6836 was published for org.wso2.am:wso2am (Maven) Dec 15, 2023
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with... High Unreviewed
CVE-2023-6721 was published Dec 13, 2023
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered... Low Unreviewed
CVE-2023-6194 was published Dec 11, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
Jenkins MATLAB Plugin XML External Entity vulnerability High
CVE-2023-49656 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML... High Unreviewed
CVE-2023-22274 was published Nov 17, 2023
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2... High Unreviewed
CVE-2023-46590 was published Nov 14, 2023
Duplicate Advisory: Eclipse IDE XXE in eclipse.platform Moderate
GHSA-cc4w-3cff-j8fw was published for org.eclipse.platform:eclipse.platform (Maven) Nov 9, 2023 withdrawn
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in... Moderate Unreviewed
CVE-2023-5136 was published Nov 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database