GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
untangle vulnerable to XML Entity Expansion
High
CVE-2022-33977
was published
for
untangle
(pip)
Aug 6, 2022
REXML denial of service vulnerability
High
CVE-2024-43398
was published
for
rexml
(RubyGems)
Aug 22, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
Zendframework Denial of Service vector via XEE injection
High
GHSA-2jx7-xg83-j2m7
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
symfony/validator XML Entity Expansion vulnerability
High
GHSA-4vf2-qfg3-7598
was published
for
symfony/validator
(Composer)
May 30, 2024
symfony/translation XML Entity Expansion vulnerability
High
GHSA-f75p-x5vm-83qp
was published
for
symfony/translation
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-q2gc-gg3x-7942
was published
for
symfony/symfony
(Composer)
May 30, 2024
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
Uncontrolled Resource Consumption in snakeyaml
High
CVE-2022-25857
was published
for
org.yaml:snakeyaml
(Maven)
Aug 31, 2022
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
SnakeYAML Entity Expansion during load operation
High
CVE-2017-18640
was published
for
org.yaml:snakeyaml
(Maven)
Jun 4, 2021
kaml has potential denial of service while parsing input with anchors and aliases
High
CVE-2023-28118
was published
for
com.charleskorn.kaml:kaml
(Maven)
Mar 20, 2023
Apache Solr vulnerable to XML Bomb
High
CVE-2019-12401
was published
for
org.apache.solr:solr-core
(Maven)
May 24, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
XML Entity Expansion in trytond and proteus
High
CVE-2022-26662
was published
for
proteus
(pip)
Mar 11, 2022
Billion laughs attack (XML bomb)
High
CVE-2021-32623
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jun 17, 2021
XML Entity Expansion in Pippo
High
CVE-2019-5442
was published
for
ro.pippo:pippo-jaxb
(Maven)
Jun 13, 2019
Billion laughs attack in c3p0
High
CVE-2019-5427
was published
for
com.mchange:c3p0
(Maven)
Apr 23, 2019
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
ProTip!
Advisories are also available from the
GraphQL API