Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,049 advisories

Loading
Improper restriction of XML external entity references vulnerability exists in FitNesse all... Moderate Unreviewed
CVE-2024-28039 was published Mar 18, 2024
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE)... Moderate Unreviewed
CVE-2024-3930 was published Jul 30, 2024
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML... Critical Unreviewed
CVE-2019-9670 was published May 24, 2022
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics... Moderate Unreviewed
CVE-2024-5625 was published Jul 18, 2024
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External... High Unreviewed
CVE-2023-50304 was published Jul 18, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application ... High Unreviewed
CVE-2023-49110 was published Jun 20, 2024
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser... High Unreviewed
CVE-2019-1057 was published May 24, 2022
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors High
GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML... High Unreviewed
CVE-2023-45192 was published Jun 6, 2024
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin High
CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) May 24, 2022
secjoker
Symfony XML decoding attack vector through external entities Critical
GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer) May 30, 2024
Symfony XXE security vulnerability High
GHSA-rjpm-qmq7-q85w was published for symfony/routing (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1... Moderate Unreviewed
CVE-2024-4357 was published May 15, 2024
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could... High Unreviewed
CVE-2024-3486 was published May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database