GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
Apache Ivy External Entity Reference vulnerability
High
CVE-2022-46751
was published
for
org.apache.ivy:ivy
(Maven)
Aug 21, 2023
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
OpenStack Nova Live migration fails to update persistent domain XML
High
CVE-2020-17376
was published
for
nova
(pip)
May 24, 2022
DataEase has an XML External Entity Reference vulnerability
High
CVE-2024-46985
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
XML External Entity Reference in Glances
Moderate
CVE-2021-23418
was published
for
Glances
(pip)
Aug 9, 2021
XML External Entity vulnerability in Easy-XML
Critical
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
feedparser denial of service vulnerability
High
CVE-2012-2921
was published
for
feedparser
(pip)
Jul 24, 2018
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
Kimai has an XXE Leading to Local File Read
Moderate
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
Critical
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
High
CVE-2023-48362
was published
for
org.apache.drill.exec:drill-java-exec
(Maven)
Jul 24, 2024
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low
GHSA-58qw-p7qm-5rvh
was published
for
org.eclipse.jetty:jetty-xml
(Maven)
Jul 10, 2023
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
Moderate
CVE-2023-26043
was published
for
GeoNode
(pip)
Aug 30, 2024
ClassGraph XML External Entity Reference
Moderate
CVE-2021-47621
was published
for
io.github.classgraph:classgraph
(Maven)
Jun 21, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2024-6961
was published
for
guardrails-ai
(pip)
Jul 21, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
XML External Entity Reference in drools
Critical
CVE-2021-41411
was published
for
org.drools:drools-core
(Maven)
Jun 17, 2022
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
High
CVE-2024-38374
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Jun 24, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
High
GHSA-229x-22xc-2f2w
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API