Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,006
Maven
5,000+
npm
4,735
NuGet
814
pip
4,344
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

371 advisories

Loading
Apache Syncope: Console XXE on Keymaster parameters Moderate
CVE-2026-23795 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-console (Maven) Feb 3, 2026
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion High
CVE-2026-24400 was published for org.assertj:assertj-core (Maven) Jan 26, 2026
wxt201 scordio
Credited to wxt201 and scordio
XDocReport affected by an XML External Entity (XXE) vulnerability Critical
CVE-2025-65482 was published for fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (Maven) Jan 20, 2026
Apache Struts 2 is Missing XML Validation High
CVE-2025-68493 was published for com.opensymphony:xwork (Maven) Jan 11, 2026
Bio-Formats has an XML External Entity (XXE) vulnerability Moderate
CVE-2026-22186 was published for ome:pom-bio-formats (Maven) Jan 7, 2026
Apache SIS has Improper Restriction of XML External Entity Reference vulnerability Moderate
CVE-2025-68280 was published for org.apache.sis.core:sis-metadata (Maven) Jan 5, 2026
Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez Moderate
CVE-2025-68463 was published for biopython (pip) Dec 18, 2025
Apache Tika has XXE vulnerability Critical
CVE-2025-66516 was published for org.apache.tika:tika-core (Maven) Dec 4, 2025
Mustangproject allows exfiltrating files via XXE attacks Low
CVE-2025-66372 was published for org.mustangproject:library (Maven) Nov 28, 2025
Peppol-py is vulnerable to XXE attacks due to Saxon configuration Moderate
CVE-2025-66371 was published for peppol_py (pip) Nov 28, 2025
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature High
CVE-2025-58360 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
xbow-security jodygarnett
Credited to xbow-security and jodygarnett
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection High
CVE-2025-64518 was published for org.cyclonedx:cyclonedx-core-java (Maven) Nov 10, 2025
nscuro BrightKn1ght
Credited to nscuro and BrightKn1ght
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks Moderate
CVE-2025-10713 was published for org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) Nov 5, 2025
Jenkins JDepend Plugin vulnerable to XML external entity attacks High
CVE-2025-64134 was published for org.jenkins-ci.plugins:jdepend (Maven) Oct 29, 2025
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing High
CVE-2025-6985 was published for langchain-text-splitters (pip) Oct 6, 2025
chaliy
Credited to chaliy
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
vlsi
Credited to vlsi
DSpace is vulnerable to XML External Entity injection during archive imports Moderate
CVE-2025-53621 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
superpegaso2703 kshepherd
tdonohue
Credited to superpegaso2703, kshepherd, and tdonohue
Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build High
CVE-2025-53689 was published for org.apache.jackrabbit:jackrabbit-core (Maven) Jul 14, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory High
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber baev
Credited to DerekHaber and baev
PowSyBl Core XML Reader allows XXE and SSRF Low
CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
AdamKorcz arthurscchan
rolnico olperr1
Credited to AdamKorcz, arthurscchan, rolnico, and olperr1
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
Credited to jodygarnett and josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
Credited to xbow-security, YacineF, aaime, and jodygarnett
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
Credited to lemauanhphong and jodygarnett
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling Critical
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
aaime jodygarnett
Credited to aaime and jodygarnett
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database