Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

248 advisories

Loading
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Improper Restriction of XML External Entity Reference in dompdf/dompdf Critical
CVE-2021-3902 was published for dompdf/dompdf (Composer) Nov 15, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer) May 30, 2024
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a... Critical Unreviewed
CVE-2023-52252 was published Dec 30, 2023
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability Critical
CVE-2023-49733 was published for org.apache.cocoon:cocoon (Maven) Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed
CVE-2023-32567 was published Aug 10, 2023
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of... Critical Unreviewed
CVE-2023-20918 was published Jul 13, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Critical Unreviewed
CVE-2023-24470 was published Jun 14, 2023
ProTip! Advisories are also available from the GraphQL API