Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,189 advisories

Loading
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... High Unreviewed
CVE-2025-36247 was published Feb 17, 2026
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows... Moderate Unreviewed
CVE-2020-37192 was published Feb 11, 2026
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could... High Unreviewed
CVE-2026-1227 was published Feb 11, 2026
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file ... Moderate Unreviewed
CVE-2026-2074 was published Feb 7, 2026
Apache Syncope: Console XXE on Keymaster parameters Moderate
CVE-2026-23795 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-console (Maven) Feb 3, 2026
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7... High Unreviewed
CVE-2026-21569 was published Jan 28, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 scordio
Credited to wxt201 and scordio
XDocReport affected by an XML External Entity (XXE) vulnerability Critical
CVE-2025-65482 was published for fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (Maven) Jan 20, 2026
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE)... High Unreviewed
CVE-2025-14478 was published Jan 17, 2026
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that... High Unreviewed
CVE-2022-50899 was published Jan 14, 2026
Apache Struts 2 is Missing XML Validation High
CVE-2025-68493 was published for com.opensymphony:xwork (Maven) Jan 11, 2026
Bio-Formats has an XML External Entity (XXE) vulnerability Moderate
CVE-2026-22186 was published for ome:pom-bio-formats (Maven) Jan 7, 2026
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco... Moderate Unreviewed
CVE-2026-20029 was published Jan 7, 2026
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML... High Unreviewed
CVE-2025-36589 was published Jan 6, 2026
Apache SIS has Improper Restriction of XML External Entity Reference vulnerability Moderate
CVE-2025-68280 was published for org.apache.sis.core:sis-metadata (Maven) Jan 5, 2026
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the... High Unreviewed
CVE-2019-25253 was published Dec 24, 2025
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity ... High Unreviewed
CVE-2018-25142 was published Dec 24, 2025
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow... Moderate Unreviewed
CVE-2024-58335 was published Dec 24, 2025
Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez Moderate
CVE-2025-68463 was published for biopython (pip) Dec 18, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... Moderate Unreviewed
CVE-2025-61823 was published Dec 10, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... High Unreviewed
CVE-2025-61813 was published Dec 10, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... Moderate Unreviewed
CVE-2025-61821 was published Dec 10, 2025
Apache Tika has XXE vulnerability Critical
CVE-2025-66516 was published for org.apache.tika:tika-core (Maven) Dec 4, 2025
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial... Critical Unreviewed
CVE-2025-65868 was published Dec 3, 2025
Mustangproject allows exfiltrating files via XXE attacks Low
CVE-2025-66372 was published for org.mustangproject:library (Maven) Nov 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database