Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

38 advisories

Loading
Inline DTD allows XML bomb attack High
CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022
Billion laughs attack in c3p0 High
CVE-2019-5427 was published for com.mchange:c3p0 (Maven) Apr 23, 2019
XML Entity Expansion in Pippo High
CVE-2019-5442 was published for ro.pippo:pippo-jaxb (Maven) Jun 13, 2019
Billion laughs attack (XML bomb) High
CVE-2021-32623 was published for org.opencastproject:opencast-kernel (Maven) Jun 17, 2021
darolfes Rillke
lkiesow
XML Entity Expansion in trytond and proteus High
CVE-2022-26662 was published for proteus (pip) Mar 11, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack High
CVE-2012-6685 was published for nokogiri (RubyGems) Apr 23, 2022
jhutchings1
Apache Solr vulnerable to XML Bomb High
CVE-2019-12401 was published for org.apache.solr:solr-core (Maven) May 24, 2022
kaml has potential denial of service while parsing input with anchors and aliases High
CVE-2023-28118 was published for com.charleskorn.kaml:kaml (Maven) Mar 20, 2023
gdude2002
SnakeYAML Entity Expansion during load operation High
CVE-2017-18640 was published for org.yaml:snakeyaml (Maven) Jun 4, 2021
oliverchang
XML Entity Expansion and Improper Input Validation in Kubernetes API server High
CVE-2019-11253 was published for k8s.io/kubernetes (Go) May 18, 2021
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven) Dec 1, 2023
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Uncontrolled Resource Consumption in snakeyaml High
CVE-2022-25857 was published for org.yaml:snakeyaml (Maven) Aug 31, 2022
wonda-tea-coffee
ProTip! Advisories are also available from the GraphQL API