Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,048 advisories

Loading
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. High Unreviewed
CVE-2023-37233 was published Sep 10, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection High
CVE-2023-26043 was published for GeoNode (pip) Aug 30, 2024
jorgectf
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024
bytehope chinh2597
cavias
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability. Moderate Unreviewed
CVE-2024-40075 was published Jul 22, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
ClassGraph XML External Entity Reference Moderate
CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) Jun 21, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors High
GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API