GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
130 advisories
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
High | CVE-2026-46490 was published for samlify (npm) | May 21, 2026

fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes
High | CVE-2026-44665 was published for fast-xml-builder (npm) | May 8, 2026

fast-xml-builder Comment Value regex can be bypassed
Moderate | CVE-2026-44664 was published for fast-xml-builder (npm) | May 8, 2026

Kirby has XML injection in its XML creator toolkit
Moderate | CVE-2026-32870 was published for getkirby/cms (Composer) | Apr 23, 2026

xmldom has XML injection through unvalidated DocumentType serialization
High | CVE-2026-41674 was published for @xmldom/xmldom (npm) | Apr 22, 2026

xmldom has XML node injection through unvalidated processing instruction serialization
High | CVE-2026-41675 was published for @xmldom/xmldom (npm) | Apr 22, 2026

xmldom has XML node injection through unvalidated comment serialization
High | CVE-2026-41672 was published for @xmldom/xmldom (npm) | Apr 22, 2026

fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
Moderate | CVE-2026-41650 was published for fast-xml-parser (npm) | Apr 22, 2026

xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
High | CVE-2026-34601 was published for @xmldom/xmldom (npm) | Apr 1, 2026

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in...
Moderate | Unreviewed | CVE-2026-28770 was published | Mar 4, 2026

XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System ...
Moderate | Unreviewed | CVE-2026-1554 was published | Feb 4, 2026

Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that...
High | Unreviewed | CVE-2022-50902 was published | Jan 14, 2026

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated...
High | Unreviewed | CVE-2025-1545 was published | Dec 5, 2025

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Moderate | CVE-2025-66034 was published for fonttools (pip) | Dec 1, 2025

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by...
Moderate | Unreviewed | CVE-2025-12921 was published | Nov 10, 2025

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML...
Moderate | Unreviewed | CVE-2025-7473 was published | Oct 21, 2025

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1...
Moderate | Unreviewed | CVE-2025-60833 was published | Oct 8, 2025

MinIO Java Client XML Tag Value Substitution Vulnerability
High | CVE-2025-59952 was published for io.minio:minio (Maven) | Sep 29, 2025

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection...
Moderate | Unreviewed | CVE-2025-54251 was published | Sep 9, 2025

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. ...
High | Unreviewed | CVE-2025-24404 was published | Sep 9, 2025

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects...
Moderate | Unreviewed | CVE-2025-9375 was published | Sep 5, 2025

An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7...
Moderate | Unreviewed | CVE-2025-47184 was published | Aug 21, 2025

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection...
High | Unreviewed | CVE-2025-49538 was published | Jul 8, 2025

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java...
Moderate | Unreviewed | CVE-2025-25589 was published | Mar 18, 2025

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8...
High | Unreviewed | CVE-2024-47113 was published | Jan 18, 2025