GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,216 advisories
fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes
High | CVE-2026-44665 was published for fast-xml-builder (npm) | May 8, 2026

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive...
High | Unreviewed | CVE-2023-42344 was published | May 8, 2026

Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.
High | Unreviewed | CVE-2023-42346 was published | May 8, 2026

Grav is Vulnerable to XXE via SVG Upload
Moderate | GHSA-3446-6mgw-f79p was published for getgrav/grav (Composer) | May 5, 2026

OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature...
Critical | Unreviewed | CVE-2026-38429 was published | May 5, 2026

changedetection.io project has an XXE vulnerability
High | CVE-2026-41895 was published for changedetection.io (pip) | May 4, 2026

Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
Critical | CVE-2026-40682 was published for org.apache.opennlp:opennlp-tools (Maven) | May 4, 2026

jOpenDocument has an improper restriction of XML external entity reference vulnerability
Moderate | CVE-2026-6501 was published for org.jopendocument:jOpenDocument (Maven) | May 4, 2026

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4...
High | Unreviewed | CVE-2026-36765 was published | Apr 30, 2026

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core...
High | Unreviewed | CVE-2025-14543 was published | Apr 30, 2026

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro...
High | Unreviewed | CVE-2024-13971 was published | Apr 30, 2026

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP...
High | Unreviewed | CVE-2024-39847 was published | Apr 30, 2026

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling...
Moderate | Unreviewed | CVE-2026-6807 was published | Apr 28, 2026

lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
High | CVE-2026-41066 was published for lxml (pip) | Apr 21, 2026

The component accepts XML input through the publisher without disabling external entity...
Low | Unreviewed | CVE-2024-8010 was published | Apr 16, 2026

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly...
High | Unreviewed | CVE-2024-2374 was published | Apr 16, 2026

OpenRemote has XXE in Velbus Asset Import
High | CVE-2026-40882 was published for io.openremote:openremote-manager (Maven) | Apr 15, 2026

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability
High | CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) | Apr 14, 2026

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional ...
High | Unreviewed | CVE-2026-4374 was published | Apr 1, 2026

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload...
High | Unreviewed | CVE-2026-29924 was published | Mar 30, 2026

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before...
Moderate | Unreviewed | CVE-2026-4980 was published | Mar 27, 2026

esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages
Moderate | CVE-2026-28809 was published for esaml (Erlang) | Mar 23, 2026

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE)...
Moderate | Unreviewed | CVE-2026-33371 was published | Mar 20, 2026

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko...
High | Unreviewed | CVE-2026-3511 was published | Mar 19, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE)...
High | Unreviewed | CVE-2026-1567 was published | Mar 3, 2026