Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
ebookmeta XML External Entity vulnerability High
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
Feedgen Vulnerable to XML Denial of Service Attacks Moderate
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
REXML denial of service vulnerability Moderate
CVE-2024-43398 was published for rexml (RubyGems) Aug 22, 2024
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
Zendframework Denial of Service vector via XEE injection High
GHSA-2jx7-xg83-j2m7 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
symfony/validator XML Entity Expansion vulnerability High
GHSA-4vf2-qfg3-7598 was published for symfony/validator (Composer) May 30, 2024
symfony/translation XML Entity Expansion vulnerability High
GHSA-f75p-x5vm-83qp was published for symfony/translation (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-q2gc-gg3x-7942 was published for symfony/symfony (Composer) May 30, 2024
SilverStripe framework XML Quadratic Blowup Attack Moderate
GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) May 23, 2024
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev
Uncontrolled Resource Consumption in snakeyaml High
CVE-2022-25857 was published for org.yaml:snakeyaml (Maven) Aug 31, 2022
wonda-tea-coffee
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6531 was published for zendframework/zendframework1 (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6532 was published for zendframework/zendframework1 (Composer) May 17, 2022
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin Critical
CVE-2023-24441 was published for org.jvnet.hudson.plugins:mstest (Maven) Jan 26, 2023
tfonfara
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven) Dec 1, 2023
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability Moderate
CVE-2023-45960 was published for org.dom4j:dom4j (Maven) Oct 25, 2023 withdrawn
carlosame
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database