GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 29,215
Composer 5,632
Erlang 49
GitHub Actions 49
Go 3,549
Maven 6,424
npm 5,851
NuGet 917
pip 4,798
Pub 13
RubyGems 1,038
Rust 1,237
Swift 53

Unreviewed advisories

All unreviewed 298,250

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

356 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly... High Unreviewed

CVE-2024-2374 was published Apr 16, 2026

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ... High Unreviewed

CVE-2026-4374 was published Apr 1, 2026

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload... High Unreviewed

CVE-2026-29924 was published Mar 30, 2026

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko... High Unreviewed

CVE-2026-3511 was published Mar 19, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE)... High Unreviewed

CVE-2026-1567 was published Mar 3, 2026

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request... High Unreviewed

CVE-2026-2252 was published Feb 27, 2026

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... High Unreviewed

CVE-2025-36247 was published Feb 17, 2026

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... High Unreviewed

CVE-2026-1227 was published Feb 11, 2026

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7... High Unreviewed

CVE-2026-21569 was published Jan 28, 2026

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE)... High Unreviewed

CVE-2025-14478 was published Jan 17, 2026

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that... High Unreviewed

CVE-2022-50899 was published Jan 14, 2026

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML... High Unreviewed

CVE-2025-36589 was published Jan 6, 2026

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the... High Unreviewed

CVE-2019-25253 was published Dec 24, 2025

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity ... High Unreviewed

CVE-2018-25142 was published Dec 24, 2025

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... High Unreviewed

CVE-2025-61813 was published Dec 10, 2025

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML... High Unreviewed

CVE-2025-63917 was published Nov 17, 2025

N-central versions < 2025.4 are vulnerable to an XML External Entities injection leading to... High Unreviewed

CVE-2025-11700 was published Nov 12, 2025

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity ... High Unreviewed

CVE-2025-63551 was published Nov 6, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external... High Unreviewed

CVE-2025-12531 was published Nov 3, 2025

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and... High Unreviewed

CVE-2025-48006 was published Sep 29, 2025

Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language... High Unreviewed

CVE-2023-7307 was published Aug 28, 2025

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for... High Unreviewed

CVE-2025-4044 was published Aug 19, 2025

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external... High Unreviewed

CVE-2025-8355 was published Aug 8, 2025

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of... High Unreviewed

CVE-2025-54254 was published Aug 5, 2025

Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics... High Unreviewed

CVE-2025-54445 was published Jul 23, 2025

Previous1…15 Next

Previous 1 2 3 4 5 … 14 15 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

356 advisories