GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
248 advisories
Filter by severity
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can...
Critical
Unreviewed
CVE-2024-40896
was published
Dec 23, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Critical
CVE-2021-3902
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in...
Critical
Unreviewed
CVE-2024-10218
was published
Nov 12, 2024
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical
Unreviewed
CVE-2024-7098
was published
Sep 16, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length...
Critical
Unreviewed
CVE-2024-45490
was published
Aug 30, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code...
Critical
Unreviewed
CVE-2023-26999
was published
Jan 9, 2024
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a...
Critical
Unreviewed
CVE-2023-52252
was published
Dec 30, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Critical
CVE-2023-49733
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical
Unreviewed
CVE-2023-45612
was published
Oct 9, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical
Unreviewed
CVE-2023-35892
was published
Sep 5, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no...
Critical
Unreviewed
CVE-2022-48565
was published
Aug 22, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.
Critical
Unreviewed
CVE-2023-32567
was published
Aug 10, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical
Unreviewed
CVE-2023-37364
was published
Aug 3, 2023
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of...
Critical
Unreviewed
CVE-2023-20918
was published
Jul 13, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Critical
Unreviewed
CVE-2023-24470
was published
Jun 14, 2023
ProTip!
Advisories are also available from the
GraphQL API