GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
Moderate
Unreviewed
CVE-2022-28652
was published
Jun 5, 2024
symfony/validator XML Entity Expansion vulnerability
High
GHSA-4vf2-qfg3-7598
was published
for
symfony/validator
(Composer)
May 30, 2024
symfony/translation XML Entity Expansion vulnerability
High
GHSA-f75p-x5vm-83qp
was published
for
symfony/translation
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-q2gc-gg3x-7942
was published
for
symfony/symfony
(Composer)
May 30, 2024
SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694
was published
for
silverstripe/framework
(Composer)
May 23, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of...
High
Unreviewed
CVE-2024-28757
was published
Mar 10, 2024
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile...
Moderate
Unreviewed
CVE-2023-52426
was published
Feb 4, 2024
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the...
High
Unreviewed
CVE-2023-49967
was published
Dec 7, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.struts:struts-tiles
(Maven)
Dec 1, 2023
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability
Moderate
CVE-2023-45960
was published
for
org.dom4j:dom4j
(Maven)
Oct 25, 2023
•
withdrawn
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI...
Moderate
Unreviewed
CVE-2023-41635
was published
Aug 31, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD...
Moderate
Unreviewed
CVE-2023-3569
was published
Aug 8, 2023
kaml has potential denial of service while parsing input with anchors and aliases
High
CVE-2023-28118
was published
for
com.charleskorn.kaml:kaml
(Maven)
Mar 20, 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
Moderate
Unreviewed
CVE-2023-20052
was published
Mar 1, 2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical
CVE-2023-24441
was published
for
org.jvnet.hudson.plugins:mstest
(Maven)
Jan 26, 2023
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials...
Moderate
Unreviewed
CVE-2022-44641
was published
Nov 18, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High
Unreviewed
CVE-2022-42745
was published
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API