GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
DataEase has an XML External Entity Reference vulnerability
High
CVE-2024-46985
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
High
CVE-2023-48362
was published
for
org.apache.drill.exec:drill-java-exec
(Maven)
Jul 24, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
High
CVE-2024-38374
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Jun 24, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
High
GHSA-229x-22xc-2f2w
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
High
GHSA-4j9x-g4x8-vcmf
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Symfony XXE security vulnerability
High
GHSA-rjpm-qmq7-q85w
was published
for
symfony/routing
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-c636-cg5r-2498
was published
for
symfony/dependency-injection
(Composer)
May 29, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
fonttools XML External Entity Injection (XXE) Vulnerability
High
CVE-2023-45139
was published
for
fonttools
(pip)
Jan 9, 2024
Jenkins MATLAB Plugin XML External Entity vulnerability
High
CVE-2023-49656
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
High
CVE-2023-41933
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Sep 6, 2023
Apache Ivy External Entity Reference vulnerability
High
CVE-2022-46751
was published
for
org.apache.ivy:ivy
(Maven)
Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability
High
CVE-2023-0871
was published
for
org.opennms.core:org.opennms.core.xml
(Maven)
Aug 11, 2023
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
High
CVE-2023-28685
was published
for
org.jenkins-ci.plugins:absint-a3
(Maven)
Jul 6, 2023
requests-xml XML External Entity Injection vulnerability
High
CVE-2020-26708
was published
for
requests-xml
(pip)
Jun 29, 2023
easy-parse XML External Entity Injection vulnerability
High
CVE-2020-26710
was published
for
easy-parse
(pip)
Jun 29, 2023
py-xml XML External Entity Injection vulnerability
High
CVE-2020-26709
was published
for
py-xml
(pip)
Jun 29, 2023
HuTool XML parsing module has blind XXE vulnerability
High
CVE-2023-3276
was published
for
cn.hutool:hutool-core
(Maven)
Jun 15, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28681
was published
for
org.jenkins-ci.plugins:vs-code-metrics
(Maven)
Apr 2, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28680
was published
for
org.jenkins-ci.plugins:crap4j
(Maven)
Apr 2, 2023
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28682
was published
for
org.jenkins-ci.plugins:perfpublisher
(Maven)
Apr 2, 2023
ProTip!
Advisories are also available from the
GraphQL API