GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
7 advisories
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
High
CVE-2025-58360
was published
for
org.geoserver.web:gs-web-app
(Maven)
Nov 25, 2025
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
High
CVE-2025-30220
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Moderate
GHSA-47qw-ccjm-9c2c
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Moderate
GHSA-v232-254c-m6p7
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection
Moderate
GHSA-2466-4485-4pxj
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Moderate
CVE-2025-27136
was published
for
io.github.robothy:local-s3-rest
(Maven)
Mar 10, 2025
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends
Moderate
CVE-2025-24961
was published
for
org.gaul:s3proxy
(Maven)
Feb 3, 2025
ProTip!
Advisories are also available from the
GraphQL API