GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
Quadratic blowup in Convert::xml2array()
Moderate
CVE-2021-41559
was published
for
silverstripe/framework
(Composer)
Jun 29, 2022
untangle vulnerable to XML Entity Expansion
High
CVE-2022-33977
was published
for
untangle
(pip)
Aug 6, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
Nokogiri vulnerable to DoS while parsing XML entities
Moderate
CVE-2013-6461
was published
for
nokogiri
(RubyGems)
May 5, 2022
Nokogiri vulnerable to DoS while parsing XML documents
Moderate
CVE-2013-6460
was published
for
nokogiri
(RubyGems)
May 5, 2022
SnakeYAML Entity Expansion during load operation
High
CVE-2017-18640
was published
for
org.yaml:snakeyaml
(Maven)
Jun 4, 2021
kaml has potential denial of service while parsing input with anchors and aliases
High
CVE-2023-28118
was published
for
com.charleskorn.kaml:kaml
(Maven)
Mar 20, 2023
Apache Solr vulnerable to XML Bomb
High
CVE-2019-12401
was published
for
org.apache.solr:solr-core
(Maven)
May 24, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
XML Entity Expansion in trytond and proteus
High
CVE-2022-26662
was published
for
proteus
(pip)
Mar 11, 2022
Billion laughs attack (XML bomb)
High
CVE-2021-32623
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jun 17, 2021
XML Entity Expansion in Pippo
High
CVE-2019-5442
was published
for
ro.pippo:pippo-jaxb
(Maven)
Jun 13, 2019
Billion laughs attack in c3p0
High
CVE-2019-5427
was published
for
com.mchange:c3p0
(Maven)
Apr 23, 2019
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior...
Moderate
Unreviewed
CVE-2021-31842
was published
May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different...
High
Unreviewed
CVE-2021-38490
was published
May 24, 2022
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all...
Moderate
Unreviewed
CVE-2021-3541
was published
May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related...
Moderate
Unreviewed
CVE-2020-15303
was published
May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity...
High
Unreviewed
CVE-2021-20453
was published
May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could...
Moderate
Unreviewed
CVE-2021-1267
was published
May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument...
High
Unreviewed
CVE-2021-28302
was published
May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity...
Moderate
Unreviewed
CVE-2020-24665
was published
May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing...
High
Unreviewed
CVE-2020-25186
was published
May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML...
Moderate
Unreviewed
CVE-2020-27017
was published
May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3...
Moderate
Unreviewed
CVE-2020-24052
was published
May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates....
Moderate
Unreviewed
CVE-2020-24591
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API