GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,132 advisories
Langroid Allows XXE Injection via XMLToolMessage
High | CVE-2025-46726 was published for langroid (pip) | May 5, 2025

WSO2 API Manager XML External Entity (XXE) vulnerability
Critical | CVE-2025-2905 was published for org.wso2.am:am-distribution-parent (Maven) | May 5, 2025

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R)...
High | Unreviewed | CVE-2022-21205 was published | Feb 11, 2022

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before...
High | Unreviewed | CVE-2022-21220 was published | Feb 11, 2022

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash...
Moderate | Unreviewed | CVE-2022-45194 was published | Nov 12, 2022

XXE vulnerability in Jenkins JAPEX Plugin
High | CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) | Nov 16, 2022

XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate | CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) | Nov 16, 2022

XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate | CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) | Nov 16, 2022

XML External Entity Reference in Jenkins CCCC Plugin
Critical | CVE-2022-45395 was published for com.thalesgroup.jenkins-ci.plugins:cccc (Maven) | Nov 16, 2022

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can...
High | Unreviewed | CVE-2022-40304 was published | Nov 23, 2022

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An...
Moderate | Unreviewed | CVE-2025-34490 was published | Apr 28, 2025

An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary...
Moderate | Unreviewed | CVE-2025-2070 was published | Apr 25, 2025

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2...
Critical | Unreviewed | CVE-2014-3630 was published | May 13, 2022

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access...
Moderate | Unreviewed | CVE-2017-15639 was published | May 17, 2022

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML...
Critical | Unreviewed | CVE-2014-0030 was published | May 14, 2022

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
Critical | Unreviewed | CVE-2015-7241 was published | May 14, 2022

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml...
Moderate | Unreviewed | CVE-2017-9095 was published | May 17, 2022

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an...
High | Unreviewed | CVE-2017-12216 was published | May 13, 2022

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows...
High | Unreviewed | CVE-2017-9233 was published | May 13, 2022

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows...
Moderate | Unreviewed | CVE-2017-11457 was published | May 13, 2022

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted...
High | Unreviewed | CVE-2017-1000061 was published | May 13, 2022

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.
High | Unreviewed | CVE-2017-1000021 was published | May 14, 2022

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved...
High | Unreviewed | CVE-2017-6662 was published | May 14, 2022

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager...
Moderate | Unreviewed | CVE-2017-9295 was published | May 17, 2022

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware...
Moderate | Unreviewed | CVE-2017-7907 was published | May 17, 2022