Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Feedgen Vulnerable to XML Denial of Service Attacks Moderate
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
REXML denial of service vulnerability Moderate
CVE-2024-43398 was published for rexml (RubyGems) Aug 22, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed
CVE-2024-27142 was published Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed
CVE-2024-27141 was published Jun 14, 2024
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack Moderate Unreviewed
CVE-2022-28652 was published Jun 5, 2024
SilverStripe framework XML Quadratic Blowup Attack Moderate
GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) May 23, 2024
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI... Moderate Unreviewed
CVE-2023-41635 was published Aug 31, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Moderate Unreviewed
CVE-2023-3569 was published Aug 8, 2023
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed
CVE-2021-28973 was published May 24, 2022
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile... Moderate Unreviewed
CVE-2023-52426 was published Feb 4, 2024
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,... Moderate Unreviewed
CVE-2009-1955 was published May 2, 2022
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows... Moderate Unreviewed
CVE-2011-1755 was published May 17, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A... Moderate Unreviewed
CVE-2023-20052 was published Mar 1, 2023
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an... Moderate Unreviewed
CVE-2008-3281 was published May 1, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6531 was published for zendframework/zendframework1 (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6532 was published for zendframework/zendframework1 (Composer) May 17, 2022
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability Moderate
CVE-2023-45960 was published for org.dom4j:dom4j (Maven) Oct 25, 2023 withdrawn
carlosame
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2682 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
Nokogiri vulnerable to libxml XML Entity Expansion Moderate
CVE-2015-1819 was published for nokogiri (RubyGems) Aug 8, 2018
Quadratic blowup in Convert::xml2array() Moderate
CVE-2021-41559 was published for silverstripe/framework (Composer) Jun 29, 2022
Nokogiri vulnerable to DoS while parsing XML entities Moderate
CVE-2013-6461 was published for nokogiri (RubyGems) May 5, 2022
jasnow
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database