Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity... Moderate Unreviewed
CVE-2023-30951 was published Aug 4, 2023
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view... Moderate Unreviewed
CVE-2023-35786 was published Jul 5, 2023
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack... Moderate Unreviewed
CVE-2023-43067 was published Oct 23, 2023
FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external... Moderate Unreviewed
CVE-2023-42132 was published Oct 2, 2023
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE... Moderate Unreviewed
CVE-2023-32639 was published Jul 25, 2023
XBRL data create application version 7.0 and earlier improperly restricts XML external entity... Moderate Unreviewed
CVE-2023-32635 was published Jul 19, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2023-37200 was published Jul 12, 2023
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... Moderate Unreviewed
CVE-2023-2161 was published Jul 6, 2023
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC... Moderate Unreviewed
CVE-2023-29498 was published Jun 13, 2023
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can... Moderate Unreviewed
CVE-2023-32706 was published Jun 1, 2023
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user... Moderate Unreviewed
CVE-2022-45876 was published Apr 27, 2023
Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack. Moderate Unreviewed
CVE-2023-29443 was published Apr 26, 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance... Moderate Unreviewed
CVE-2023-26058 was published Apr 25, 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the... Moderate Unreviewed
CVE-2023-26057 was published Apr 25, 2023
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML... Moderate Unreviewed
CVE-2023-26264 was published Apr 13, 2023
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML... Moderate Unreviewed
CVE-2023-26263 was published Apr 13, 2023
National land numerical information data conversion tool all versions improperly restricts XML... Moderate Unreviewed
CVE-2023-25955 was published Apr 11, 2023
An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated,... Moderate Unreviewed
CVE-2020-7036 was published May 24, 2022
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura... Moderate Unreviewed
CVE-2020-7035 was published May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed
CVE-2021-28973 was published May 24, 2022
WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. Moderate Unreviewed
CVE-2019-14276 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco... Moderate Unreviewed
CVE-2019-12711 was published May 24, 2022
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable... Moderate Unreviewed
CVE-2019-9488 was published May 24, 2022
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin... Moderate Unreviewed
CVE-2019-15641 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database