Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,311
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

761 advisories

Loading
Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration... Moderate Unreviewed
CVE-2025-4338 was published May 23, 2025
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This... High Unreviewed
CVE-2025-27523 was published May 15, 2025
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method... High Unreviewed
CVE-2025-4639 was published May 14, 2025
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All... High Unreviewed
CVE-2024-51445 was published May 13, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated... High Unreviewed
CVE-2025-30018 was published May 13, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2775 was published May 7, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2777 was published May 7, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE)... Critical Unreviewed
CVE-2025-2776 was published May 7, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... High Unreviewed
CVE-2025-22478 was published May 6, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An... Moderate Unreviewed
CVE-2025-34490 was published Apr 28, 2025
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary... Moderate Unreviewed
CVE-2025-2070 was published Apr 25, 2025
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24910 was published Apr 17, 2025
Overview   XML documents optionally contain a Document Type Definition (DTD), which, among... Moderate Unreviewed
CVE-2025-24911 was published Apr 17, 2025
An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1... Moderate Unreviewed
CVE-2025-32406 was published Apr 8, 2025
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps... Moderate Unreviewed
CVE-2025-32138 was published Apr 4, 2025
In JetBrains GoLand before 2025.1 an XXE during debugging was possible Moderate Unreviewed
CVE-2025-29932 was published Mar 25, 2025
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows... Moderate Unreviewed
CVE-2025-25036 was published Mar 21, 2025
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE... High Unreviewed
CVE-2025-0162 was published Mar 7, 2025
External XML entity injection allows arbitrary download of files. The score without least... Moderate Unreviewed
CVE-2025-24521 was published Mar 5, 2025
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity... High Unreviewed
CVE-2024-49781 was published Feb 20, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to... High Unreviewed
CVE-2023-47160 was published Feb 19, 2025
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a... Moderate Unreviewed
CVE-2024-25066 was published Feb 17, 2025
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing... High Unreviewed
CVE-2024-54171 was published Feb 6, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and... High Unreviewed
CVE-2024-49352 was published Feb 5, 2025
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML... Low Unreviewed
CVE-2024-42185 was published Jan 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database