GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that...
High
Unreviewed
CVE-2015-9541
was published
May 24, 2022
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute...
Critical
Unreviewed
CVE-2014-2228
was published
May 17, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur...
High
Unreviewed
CVE-2020-9352
was published
May 24, 2022
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
Uncontrolled Resource Consumption in snakeyaml
High
CVE-2022-25857
was published
for
org.yaml:snakeyaml
(Maven)
Aug 31, 2022
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile...
Moderate
Unreviewed
CVE-2023-52426
was published
Feb 4, 2024
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,...
High
Unreviewed
CVE-2011-3288
was published
May 17, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High
Unreviewed
CVE-2022-42745
was published
Nov 4, 2022
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,...
Moderate
Unreviewed
CVE-2009-1955
was published
May 2, 2022
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows...
Moderate
Unreviewed
CVE-2011-1755
was published
May 17, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Moderate
CVE-2015-5161
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
Moderate
Unreviewed
CVE-2023-20052
was published
Mar 1, 2023
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an...
Moderate
Unreviewed
CVE-2008-3281
was published
May 1, 2022
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which...
High
Unreviewed
CVE-2003-1564
was published
Apr 29, 2022
Zend Framework XEE Vulnerability
Moderate
CVE-2012-6531
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Zend Framework XEE Vulnerability
Moderate
CVE-2012-6532
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical
CVE-2023-24441
was published
for
org.jvnet.hudson.plugins:mstest
(Maven)
Jan 26, 2023
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the...
High
Unreviewed
CVE-2023-49967
was published
Dec 7, 2023
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability
Moderate
CVE-2023-45960
was published
for
org.dom4j:dom4j
(Maven)
Oct 25, 2023
•
withdrawn
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2682
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API