Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,152 advisories

Loading
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing High
CVE-2025-6985 was published for langchain-text-splitters (pip) Oct 6, 2025
chaliy
Credited to chaliy
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2025-20369 was published Oct 1, 2025
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and... High Unreviewed
CVE-2025-48006 was published Sep 29, 2025
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is... Moderate Unreviewed
CVE-2025-11140 was published Sep 29, 2025
A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of... Moderate Unreviewed
CVE-2025-11035 was published Sep 26, 2025
A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file ... Moderate Unreviewed
CVE-2025-10816 was published Sep 23, 2025
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect... Critical Unreviewed
CVE-2025-10183 was published Sep 9, 2025
A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the... Moderate Unreviewed
CVE-2025-10091 was published Sep 8, 2025
A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file ... Moderate Unreviewed
CVE-2025-10092 was published Sep 8, 2025
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language... High Unreviewed
CVE-2023-7307 was published Aug 28, 2025
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows ... Low Unreviewed
CVE-2025-35112 was published Aug 27, 2025
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity... Moderate Unreviewed
CVE-2025-57704 was published Aug 26, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for... High Unreviewed
CVE-2025-4044 was published Aug 19, 2025
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External... Moderate Unreviewed
CVE-2025-26484 was published Aug 14, 2025
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA... Moderate Unreviewed
CVE-2025-40584 was published Aug 12, 2025
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external... High Unreviewed
CVE-2025-8355 was published Aug 8, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of... High Unreviewed
CVE-2025-54254 was published Aug 5, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of... Moderate Unreviewed
CVE-2025-36608 was published Jul 30, 2025
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE)... Moderate Unreviewed
CVE-2025-26400 was published Jul 29, 2025
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics... High Unreviewed
CVE-2025-54445 was published Jul 23, 2025
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration... High Unreviewed
CVE-2025-7766 was published Jul 23, 2025
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy)... Moderate Unreviewed
CVE-2025-34142 was published Jul 22, 2025
Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity... Moderate Unreviewed
CVE-2025-36603 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database