Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

310 advisories

Loading
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
XML External Entity vulnerability in Easy-XML Critical
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
feedparser denial of service vulnerability High
CVE-2012-2921 was published for feedparser (pip) Jul 24, 2018
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
Kimai has an XXE Leading to Local File Read Moderate
GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) Sep 17, 2024
ixSly
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability Critical
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024
bytehope chinh2597
cavias
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations Low
GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
uriyay-jfrog joakime
chadlwilson timtebeek
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection Moderate
CVE-2023-26043 was published for GeoNode (pip) Aug 30, 2024
jorgectf
ClassGraph XML External Entity Reference Moderate
CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) Jun 21, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
XML External Entity Reference in drools Critical
CVE-2021-41411 was published for org.drools:drools-core (Maven) Jun 17, 2022
wnicholson
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors High
GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin High
CVE-2019-10337 was published for org.jenkins-ci.plugins:token-macro (Maven) May 24, 2022
secjoker
ProTip! Advisories are also available from the GraphQL API