GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML...
Moderate, Unreviewed. CVE-2025-7473 was published on Oct 21, 2025

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1...
Moderate, Unreviewed. CVE-2025-60833 was published on Oct 8, 2025

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection...
Moderate, Unreviewed. CVE-2025-54251 was published on Sep 9, 2025

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects...
Moderate, Unreviewed. CVE-2025-9375 was published on Sep 5, 2025

An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7...
Moderate, Unreviewed. CVE-2025-47184 was published on Aug 21, 2025

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java...
Moderate, Unreviewed. CVE-2025-25589 was published on Mar 18, 2025

XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1...
Moderate, Unreviewed. CVE-2023-35858 was published on Jun 13, 2024

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while...
Moderate, Unreviewed. CVE-2024-33858 was published on May 7, 2024

Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This...
Moderate, Unreviewed. CVE-2023-32173 was published on May 3, 2024

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application...
Moderate, Unreviewed. CVE-2024-2648 was published on Mar 20, 2024

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security...
Moderate, Unreviewed. CVE-2024-2645 was published on Mar 20, 2024

codehaus-plexus vulnerable to XML injection
Moderate. CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) on Sep 25, 2023

Magento Open Source allows XML Injection
Moderate. CVE-2023-29289 was published for magento/community-edition (Composer) on Jun 15, 2023

An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an...
Moderate, Unreviewed. CVE-2022-22244 was published on Oct 18, 2022

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of...
Moderate, Unreviewed. CVE-2022-22243 was published on Oct 18, 2022

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0...
Moderate, Unreviewed. CVE-2019-9892 was published on May 24, 2022

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0...
Moderate, Unreviewed. CVE-2021-22524 was published on May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs...
Moderate, Unreviewed. CVE-2021-31347 was published on May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs...
Moderate, Unreviewed. CVE-2021-31348 was published on May 24, 2022

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1...
Moderate, Unreviewed. CVE-2020-3846 was published on May 24, 2022

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML...
Moderate, Unreviewed. CVE-2019-20201 was published on May 24, 2022

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1,...
Moderate, Unreviewed. CVE-2019-0370 was published on May 24, 2022

XML Injection in Apache Solr
Moderate. CVE-2013-6408 was published for org.apache.solr:solr-core (Maven) on May 17, 2022

IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks...
Moderate, Unreviewed. CVE-2016-2932 was published on May 17, 2022

XML Injection in Xerces Java affects Nokogiri
Moderate. GHSA-xxx9-3xcr-gjj3 was published for nokogiri (RubyGems) on Apr 11, 2022