GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,693
Composer 4,732
Erlang 35
GitHub Actions 29
Go 2,310
Maven 5,598
npm 3,949
NuGet 711
pip 3,728
Pub 12
RubyGems 920
Rust 964
Swift 38

Unreviewed advisories

All unreviewed 257,387

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

257 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration... Moderate Unreviewed

CVE-2025-4338 was published May 23, 2025

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it... Moderate Unreviewed

CVE-2019-0948 was published May 24, 2022

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash... Moderate Unreviewed

CVE-2022-45194 was published Nov 12, 2022

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An... Moderate Unreviewed

CVE-2025-34490 was published Apr 28, 2025

An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary... Moderate Unreviewed

CVE-2025-2070 was published Apr 25, 2025

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access... Moderate Unreviewed

CVE-2017-15639 was published May 17, 2022

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml... Moderate Unreviewed

CVE-2017-9095 was published May 17, 2022

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows... Moderate Unreviewed

CVE-2017-11457 was published May 13, 2022

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager... Moderate Unreviewed

CVE-2017-9295 was published May 17, 2022

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware... Moderate Unreviewed

CVE-2017-7907 was published May 17, 2022

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ... Moderate Unreviewed

CVE-2017-3548 was published May 13, 2022

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file... Moderate Unreviewed

CVE-2017-7457 was published May 17, 2022

Overview XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed

CVE-2025-24910 was published Apr 17, 2025

Overview XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed

CVE-2025-24911 was published Apr 17, 2025

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote... Moderate Unreviewed

CVE-2015-2125 was published May 13, 2022

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option... Moderate Unreviewed

CVE-2015-3451 was published May 13, 2022

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1... Moderate Unreviewed

CVE-2025-32406 was published Apr 8, 2025

Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps... Moderate Unreviewed

CVE-2025-32138 was published Apr 4, 2025

Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX... Moderate Unreviewed

CVE-2023-22322 was published Jan 30, 2023

An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an... Moderate Unreviewed

CVE-2023-49234 was published Mar 29, 2024

In JetBrains GoLand before 2025.1 an XXE during debugging was possible Moderate Unreviewed

CVE-2025-29932 was published Mar 25, 2025

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows... Moderate Unreviewed

CVE-2025-25036 was published Mar 21, 2025

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business... Moderate Unreviewed

CVE-2024-21048 was published Apr 17, 2024

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of... Moderate Unreviewed

CVE-2018-9379 was published Jan 18, 2025

External XML entity injection allows arbitrary download of files. The score without least... Moderate Unreviewed

CVE-2025-24521 was published Mar 5, 2025

Previous 1 2 3 4 5 … 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

257 advisories