Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,200 advisories

Loading
OpenRemote has XXE in Velbus Asset Import High
CVE-2026-40882 was published for io.openremote:openremote-manager (Maven) Apr 15, 2026
KKC73 Credited to KKC73
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability High
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ... High Unreviewed
CVE-2026-4374 was published Apr 1, 2026
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload... High Unreviewed
CVE-2026-29924 was published Mar 30, 2026
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before... Moderate Unreviewed
CVE-2026-4980 was published Mar 27, 2026
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages Moderate
CVE-2026-28809 was published for esaml (Erlang) Mar 23, 2026
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE)... Moderate Unreviewed
CVE-2026-33371 was published Mar 20, 2026
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko... High Unreviewed
CVE-2026-3511 was published Mar 19, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE)... High Unreviewed
CVE-2026-1567 was published Mar 3, 2026
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3404 was published Mar 2, 2026
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request... High Unreviewed
CVE-2026-2252 was published Feb 27, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... High Unreviewed
CVE-2025-36247 was published Feb 17, 2026
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows... Moderate Unreviewed
CVE-2020-37192 was published Feb 11, 2026
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... High Unreviewed
CVE-2026-1227 was published Feb 11, 2026
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file ... Moderate Unreviewed
CVE-2026-2074 was published Feb 7, 2026
Apache Syncope: Console XXE on Keymaster parameters Moderate
CVE-2026-23795 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-console (Maven) Feb 3, 2026
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7... High Unreviewed
CVE-2026-21569 was published Jan 28, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 Credited to wxt201 and scordio scordio scordio
XDocReport affected by an XML External Entity (XXE) vulnerability Critical
CVE-2025-65482 was published for fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (Maven) Jan 20, 2026
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE)... High Unreviewed
CVE-2025-14478 was published Jan 17, 2026
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that... High Unreviewed
CVE-2022-50899 was published Jan 14, 2026
Apache Struts 2 is Missing XML Validation High
CVE-2025-68493 was published for com.opensymphony:xwork (Maven) Jan 11, 2026
Bio-Formats has an XML External Entity (XXE) vulnerability Moderate
CVE-2026-22186 was published for ome:pom-bio-formats (Maven) Jan 7, 2026
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco... Moderate Unreviewed
CVE-2026-20029 was published Jan 7, 2026
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML... High Unreviewed
CVE-2025-36589 was published Jan 6, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database