Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
Quadratic blowup in Convert::xml2array() Moderate
CVE-2021-41559 was published for silverstripe/framework (Composer) Jun 29, 2022
untangle vulnerable to XML Entity Expansion High
CVE-2022-33977 was published for untangle (pip) Aug 6, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer Critical
CVE-2022-23640 was published for com.monitorjbl:xlsx-streamer (Maven) Mar 2, 2022
pjfanning
Nokogiri vulnerable to DoS while parsing XML entities Moderate
CVE-2013-6461 was published for nokogiri (RubyGems) May 5, 2022
jasnow
Nokogiri vulnerable to DoS while parsing XML documents Moderate
CVE-2013-6460 was published for nokogiri (RubyGems) May 5, 2022
jasnow
SnakeYAML Entity Expansion during load operation High
CVE-2017-18640 was published for org.yaml:snakeyaml (Maven) Jun 4, 2021
oliverchang
kaml has potential denial of service while parsing input with anchors and aliases High
CVE-2023-28118 was published for com.charleskorn.kaml:kaml (Maven) Mar 20, 2023
gdude2002
Apache Solr vulnerable to XML Bomb High
CVE-2019-12401 was published for org.apache.solr:solr-core (Maven) May 24, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack High
CVE-2012-6685 was published for nokogiri (RubyGems) Apr 23, 2022
jhutchings1
XML Entity Expansion in trytond and proteus High
CVE-2022-26662 was published for proteus (pip) Mar 11, 2022
Billion laughs attack (XML bomb) High
CVE-2021-32623 was published for org.opencastproject:opencast-kernel (Maven) Jun 17, 2021
darolfes Rillke
lkiesow
XML Entity Expansion in Pippo High
CVE-2019-5442 was published for ro.pippo:pippo-jaxb (Maven) Jun 13, 2019
Billion laughs attack in c3p0 High
CVE-2019-5427 was published for com.mchange:c3p0 (Maven) Apr 23, 2019
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior... Moderate Unreviewed
CVE-2021-31842 was published May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different... High Unreviewed
CVE-2021-38490 was published May 24, 2022
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all... Moderate Unreviewed
CVE-2021-3541 was published May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed
CVE-2020-15303 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity... High Unreviewed
CVE-2021-20453 was published May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed
CVE-2021-1267 was published May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed
CVE-2021-28302 was published May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity... Moderate Unreviewed
CVE-2020-24665 was published May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing... High Unreviewed
CVE-2020-25186 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-27017 was published May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3... Moderate Unreviewed
CVE-2020-24052 was published May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed
CVE-2020-24591 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database