GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
244 advisories
Filter by severity
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical
Unreviewed
CVE-2024-7098
was published
Sep 16, 2024
XML External Entity vulnerability in Easy-XML
Critical
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
ebookmeta XML External Entity vulnerability
Critical
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length...
Critical
Unreviewed
CVE-2024-45490
was published
Aug 30, 2024
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML...
Critical
Unreviewed
CVE-2019-9670
was published
May 24, 2022
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
XML External Entity Reference in drools
Critical
CVE-2021-41411
was published
for
org.drools:drools-core
(Maven)
Jun 17, 2022
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
PHPOffice Common Improper Restriction of XML External Entity Reference
Critical
CVE-2018-14065
was published
for
phpoffice/common
(Composer)
May 14, 2022
Apache ActiveMQ Apollo XXE Vulnerability
Critical
CVE-2014-3579
was published
for
org.apache.activemq:apollo-project
(Maven)
May 14, 2022
Remote code execution occurs in Apache Solr
Critical
CVE-2017-12629
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Critical
Unreviewed
CVE-2018-14485
was published
May 24, 2022
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical
Unreviewed
CVE-2023-45612
was published
Oct 9, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical
Unreviewed
CVE-2023-35892
was published
Sep 5, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical
Unreviewed
CVE-2023-37364
was published
Aug 3, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Critical
Unreviewed
CVE-2023-24470
was published
Jun 14, 2023
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ...
Critical
Unreviewed
CVE-2023-27554
was published
May 11, 2023
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan...
Critical
Unreviewed
CVE-2018-20687
was published
May 24, 2022
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by...
Critical
Unreviewed
CVE-2019-14678
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API