GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
310 advisories
XML External Entity Reference in Glances [Moderate]: CVE-2021-23418 was published for Glances (pip) on Aug 9, 2021
XML External Entity vulnerability in Easy-XML [Critical]: CVE-2020-26705 was published for easy-xml (pip) on Nov 1, 2021
feedparser denial of service vulnerability [High]: CVE-2012-2921 was published for feedparser (pip) on Jul 24, 2018
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack [High]: CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) on Sep 19, 2024
Kimai has an XXE Leading to Local File Read [Moderate]: GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) on Sep 17, 2024
ebookmeta XML External Entity vulnerability [High]: CVE-2024-36827 was published for ebookmeta (pip) on Jun 7, 2024
ebookmeta XML External Entity vulnerability [Critical]: CVE-2024-37388 was published for ebookmeta (pip) on Jun 7, 2024
XXE in PHPSpreadsheet encoding is returned [High]: CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) on Aug 29, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill [High]: CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) on Jul 24, 2024
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations [Low]: GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) on Jul 10, 2023
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` [High]: CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) on Sep 6, 2024
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue [High]: CVE-2019-12331 was published for phpoffice/phpspreadsheet (Composer) on Nov 20, 2019
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection [Moderate]: CVE-2023-26043 was published for GeoNode (pip) on Aug 30, 2024
ClassGraph XML External Entity Reference [Moderate]: CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) on Jun 21, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference [Moderate]: CVE-2024-6961 was published for guardrails-ai (pip) on Jul 21, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability [Critical]: CVE-2024-34102 was published for magento/community-edition (Composer) on Jun 13, 2024
XML External Entity Reference in drools [Critical]: CVE-2021-41411 was published for org.drools:drools-core (Maven) on Jun 17, 2022
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java [High]: CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) on Jun 24, 2024
Zend-JSON vulnerable to XXE/XEE attacks [Critical]: GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) on Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc [High]: GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) on Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors [Critical]: GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) on Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors [High]: GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) on Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks [Critical]: GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) on Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks [Critical]: GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) on Jun 7, 2024
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin [High]: CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.