GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Moderate
CVE-2014-1868
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
Improper Restriction of Recursive Entity References in DTDs in Apache POI
Moderate
CVE-2017-5644
was published
for
org.apache.poi:poi
(Maven)
May 13, 2022
Improper Restriction of Recursive Entity References in Apache XMLBeans
Critical
CVE-2021-23926
was published
for
org.apache.xmlbeans:xmlbeans
(Maven)
Jun 16, 2021
Billion laughs attack in c3p0
High
CVE-2019-5427
was published
for
com.mchange:c3p0
(Maven)
Apr 23, 2019
XML Entity Expansion in Pippo
High
CVE-2019-5442
was published
for
ro.pippo:pippo-jaxb
(Maven)
Jun 13, 2019
Billion laughs attack (XML bomb)
High
CVE-2021-32623
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jun 17, 2021
XML Entity Expansion in trytond and proteus
High
CVE-2022-26662
was published
for
proteus
(pip)
Mar 11, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
Apache Solr vulnerable to XML Bomb
High
CVE-2019-12401
was published
for
org.apache.solr:solr-core
(Maven)
May 24, 2022
kaml has potential denial of service while parsing input with anchors and aliases
High
CVE-2023-28118
was published
for
com.charleskorn.kaml:kaml
(Maven)
Mar 20, 2023
SnakeYAML Entity Expansion during load operation
High
CVE-2017-18640
was published
for
org.yaml:snakeyaml
(Maven)
Jun 4, 2021
Nokogiri vulnerable to DoS while parsing XML documents
Moderate
CVE-2013-6460
was published
for
nokogiri
(RubyGems)
May 5, 2022
Nokogiri vulnerable to DoS while parsing XML entities
Moderate
CVE-2013-6461
was published
for
nokogiri
(RubyGems)
May 5, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
Quadratic blowup in Convert::xml2array()
Moderate
CVE-2021-41559
was published
for
silverstripe/framework
(Composer)
Jun 29, 2022
Nokogiri vulnerable to libxml XML Entity Expansion
Moderate
CVE-2015-1819
was published
for
nokogiri
(RubyGems)
Aug 8, 2018
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2683
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2682
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability
Moderate
CVE-2023-45960
was published
for
org.dom4j:dom4j
(Maven)
Oct 25, 2023
•
withdrawn
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical
CVE-2023-24441
was published
for
org.jvnet.hudson.plugins:mstest
(Maven)
Jan 26, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API