Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,065 advisories

Loading
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE... Moderate Unreviewed
CVE-2023-46802 was published Nov 6, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the... Moderate Unreviewed
CVE-2022-34832 was published Oct 27, 2023
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack... Moderate Unreviewed
CVE-2023-43067 was published Oct 23, 2023
CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper... Moderate Unreviewed
CVE-2023-43624 was published Oct 23, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability Moderate
CVE-2023-46035 was published for svg_optimizer (RubyGems) Oct 20, 2023
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and... High Unreviewed
CVE-2023-45727 was published Oct 18, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-32755 was published Oct 14, 2023
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details... Moderate Unreviewed
CVE-2023-41365 was published Oct 10, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was... Critical Unreviewed
CVE-2023-45612 was published Oct 9, 2023
FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external... Moderate Unreviewed
CVE-2023-42132 was published Oct 2, 2023
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti... High Unreviewed
CVE-2023-38343 was published Sep 21, 2023
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client... High Unreviewed
CVE-2023-3892 was published Sep 19, 2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106... Unknown Unreviewed
CVE-2023-41369 was published Sep 14, 2023
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin Moderate
CVE-2023-41932 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability High
CVE-2023-41933 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External... Critical Unreviewed
CVE-2023-35892 was published Sep 5, 2023
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to... High Unreviewed
CVE-2023-40239 was published Sep 1, 2023
DDFFileParser is vulnerable to XXE Attacks Moderate
CVE-2023-41034 was published for org.eclipse.leshan:leshan-core (Maven) Aug 31, 2023
JaroslawLegierski
Esoteric YamlBeans XML Entity Expansion vulnerability Moderate
CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no... Critical Unreviewed
CVE-2022-48565 was published Aug 22, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability High
CVE-2023-0871 was published for org.opennms.core:org.opennms.core.xml (Maven) Aug 11, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed
CVE-2023-32567 was published Aug 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database