GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,232 advisories
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
Critical | CVE-2026-55471 was published for ca.uhn.hapi.fhir:org.hl7.fhir.utilities (Maven) | Jun 17, 2026

GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
Moderate | CVE-2025-58175 was published for org.geoserver.web:gs-web-app (Maven) | Jun 12, 2026

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a...
Critical | Unreviewed | CVE-2026-49875 was published | Jun 12, 2026

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a...
High | Unreviewed | CVE-2026-40998 was published | Jun 11, 2026

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API...
Moderate | Unreviewed | CVE-2026-40991 was published | Jun 10, 2026

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML...
High | Unreviewed | CVE-2026-47960 was published | Jun 9, 2026

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could...
High | Unreviewed | CVE-2026-8045 was published | Jun 9, 2026

Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Moderate | CVE-2026-44018 was published for docling (pip) | Jun 3, 2026

In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible
Low | Unreviewed | CVE-2026-49383 was published | May 29, 2026

Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
Low | CVE-2026-45071 was published for symfony/dom-crawler (Composer) | May 27, 2026

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
High | Unreviewed | CVE-2026-2253 was published | May 27, 2026

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external...
High | Unreviewed | CVE-2026-3603 was published | May 26, 2026

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to...
Moderate | Unreviewed | CVE-2026-44618 was published | May 26, 2026

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx...
Moderate | Unreviewed | CVE-2026-46722 was published | May 19, 2026

Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing...
Moderate | Unreviewed | CVE-2026-39053 was published | May 15, 2026

fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes
High | CVE-2026-44665 was published for fast-xml-builder (npm) | May 8, 2026

Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
High | CVE-2023-42344 was published for org.opencms:opencms-core (Maven) | May 8, 2026

Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
High | CVE-2023-42346 was published for org.opencms:opencms-core (Maven) | May 8, 2026

Grav is Vulnerable to XXE via SVG Upload
Moderate | GHSA-3446-6mgw-f79p was published for getgrav/grav (Composer) | May 5, 2026

OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature...
Critical | Unreviewed | CVE-2026-38429 was published | May 5, 2026

changedetection.io project has an XXE vulnerability
High | CVE-2026-41895 was published for changedetection.io (pip) | May 4, 2026

Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
Critical | CVE-2026-40682 was published for org.apache.opennlp:opennlp-tools (Maven) | May 4, 2026

jOpenDocument has an improper restriction of XML external entity reference vulnerability
Moderate | CVE-2026-6501 was published for org.jopendocument:jOpenDocument (Maven) | May 4, 2026

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4...
High | Unreviewed | CVE-2026-36765 was published | Apr 30, 2026

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core...
High | Unreviewed | CVE-2025-14543 was published | Apr 30, 2026

ProTip! Advisories are also available from the GraphQL API