Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

383 advisories

Loading
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows... Moderate Unreviewed
CVE-2020-37192 was published Feb 11, 2026
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file ... Moderate Unreviewed
CVE-2026-2074 was published Feb 7, 2026
Apache Syncope: Console XXE on Keymaster parameters Moderate
CVE-2026-23795 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-console (Maven) Feb 3, 2026
Bio-Formats has an XML External Entity (XXE) vulnerability Moderate
CVE-2026-22186 was published for ome:pom-bio-formats (Maven) Jan 7, 2026
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco... Moderate Unreviewed
CVE-2026-20029 was published Jan 7, 2026
Apache SIS has Improper Restriction of XML External Entity Reference vulnerability Moderate
CVE-2025-68280 was published for org.apache.sis.core:sis-metadata (Maven) Jan 5, 2026
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow... Moderate Unreviewed
CVE-2024-58335 was published Dec 24, 2025
Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez Moderate
CVE-2025-68463 was published for biopython (pip) Dec 18, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... Moderate Unreviewed
CVE-2025-61823 was published Dec 10, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction... Moderate Unreviewed
CVE-2025-61821 was published Dec 10, 2025
Peppol-py is vulnerable to XXE attacks due to Saxon configuration Moderate
CVE-2025-66371 was published for peppol_py (pip) Nov 28, 2025
Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD... Moderate Unreviewed
CVE-2025-66370 was published Nov 28, 2025
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks Moderate
CVE-2025-10713 was published for org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) Nov 5, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... Moderate Unreviewed
CVE-2025-46425 was published Oct 24, 2025
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of... Moderate Unreviewed
CVE-2025-11341 was published Oct 6, 2025
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2025-20369 was published Oct 1, 2025
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is... Moderate Unreviewed
CVE-2025-11140 was published Sep 29, 2025
A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of... Moderate Unreviewed
CVE-2025-11035 was published Sep 26, 2025
A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file ... Moderate Unreviewed
CVE-2025-10816 was published Sep 23, 2025
A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file ... Moderate Unreviewed
CVE-2025-10092 was published Sep 8, 2025
A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the... Moderate Unreviewed
CVE-2025-10091 was published Sep 8, 2025
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity... Moderate Unreviewed
CVE-2025-57704 was published Aug 26, 2025
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External... Moderate Unreviewed
CVE-2025-26484 was published Aug 14, 2025
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA... Moderate Unreviewed
CVE-2025-40584 was published Aug 12, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of... Moderate Unreviewed
CVE-2025-36608 was published Jul 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database