Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Loading
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend Moderate
CVE-2026-44018 was published for docling (pip) Jun 3, 2026
brodmart Credited to brodmart
pypdf: Manipulated XMP metadata entity declarations can exhaust RAM Moderate
CVE-2026-40260 was published for pypdf (pip) Apr 10, 2026
kodareef5 Credited to kodareef5 and stefan6419846 stefan6419846 stefan6419846
SilverStripe framework XML Quadratic Blowup Attack Moderate
GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) May 23, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev Credited to eyurtsev
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability Moderate
CVE-2023-45960 was published for org.dom4j:dom4j (Maven) Oct 25, 2023 withdrawn
carlosame Credited to carlosame
Quadratic blowup in Convert::xml2array() Moderate
CVE-2021-41559 was published for silverstripe/framework (Composer) Jun 29, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6531 was published for zendframework/zendframework1 (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6532 was published for zendframework/zendframework1 (Composer) May 17, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2682 was published for zendframework/zendframework1 (Composer) May 14, 2022
Improper Restriction of Recursive Entity References in DTDs in Apache POI Moderate
CVE-2017-5644 was published for org.apache.poi:poi (Maven) May 13, 2022
Nokogiri vulnerable to DoS while parsing XML entities Moderate
CVE-2013-6461 was published for nokogiri (RubyGems) May 5, 2022
jasnow Credited to jasnow
Nokogiri vulnerable to DoS while parsing XML documents Moderate
CVE-2013-6460 was published for nokogiri (RubyGems) May 5, 2022
jasnow Credited to jasnow
Feedgen Vulnerable to XML Denial of Service Attacks Moderate
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
Moderate severity vulnerability that affects org.restlet.jse:org.restlet Moderate
CVE-2014-1868 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
Nokogiri vulnerable to libxml XML Entity Expansion Moderate
CVE-2015-1819 was published for nokogiri (RubyGems) Aug 8, 2018
ProTip! Advisories are also available from the GraphQL API