Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

251 advisories

Loading
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
PowSyBl Core XML Reader allows XXE and SSRF Low
CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
AdamKorcz arthurscchan
rolnico olperr1
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling Critical
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
aaime jodygarnett
Eclipse JGit XML External Entity (XXE) Vulnerability Moderate
CVE-2025-4949 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) May 21, 2025
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference Critical
CVE-2025-4641 was published for io.github.bonigarcia:webdrivermanager (Maven) May 14, 2025
WSO2 API Manager XML External Entity (XXE) vulnerability Critical
CVE-2025-2905 was published for org.wso2.am:am-distribution-parent (Maven) May 5, 2025
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-47qw-ccjm-9c2c was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API Moderate
GHSA-v232-254c-m6p7 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection Moderate
GHSA-2466-4485-4pxj was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection Moderate
CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
Lucee RCE/XXE Vulnerability Critical
CVE-2023-38693 was published for org.lucee:lucee (Maven) Mar 5, 2025
rootxharsh zspitzer
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
Ucum-java has an XXE vulnerability in XML parsing High
CVE-2024-55887 was published for org.fhir:ucum (Maven) Dec 13, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
soaringlion
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability Moderate
CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) Oct 9, 2024
westonsteimel
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database