GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
untangle vulnerable to XML Entity Expansion
High
CVE-2022-33977
was published
for
untangle
(pip)
Aug 6, 2022
REXML denial of service vulnerability
High
CVE-2024-43398
was published
for
rexml
(RubyGems)
Aug 22, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
Feedgen Vulnerable to XML Denial of Service Attacks
Moderate
CVE-2020-5227
was published
for
feedgen
(pip)
Jan 28, 2020
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
Zendframework Denial of Service vector via XEE injection
High
GHSA-2jx7-xg83-j2m7
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
symfony/validator XML Entity Expansion vulnerability
High
GHSA-4vf2-qfg3-7598
was published
for
symfony/validator
(Composer)
May 30, 2024
symfony/translation XML Entity Expansion vulnerability
High
GHSA-f75p-x5vm-83qp
was published
for
symfony/translation
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-q2gc-gg3x-7942
was published
for
symfony/symfony
(Composer)
May 30, 2024
SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
Uncontrolled Resource Consumption in snakeyaml
High
CVE-2022-25857
was published
for
org.yaml:snakeyaml
(Maven)
Aug 31, 2022
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Moderate
CVE-2015-5161
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
Zend Framework XEE Vulnerability
Moderate
CVE-2012-6531
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Zend Framework XEE Vulnerability
Moderate
CVE-2012-6532
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical
CVE-2023-24441
was published
for
org.jvnet.hudson.plugins:mstest
(Maven)
Jan 26, 2023
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API