GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
319 advisories
Filter by severity
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
untangle vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2022-31471
was published
for
untangle
(pip)
Aug 6, 2022
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Critical
CVE-2021-3902
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
High
CVE-2023-26043
was published
for
GeoNode
(pip)
Aug 30, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2024-6961
was published
for
guardrails-ai
(pip)
Jul 21, 2024
XML External Entity vulnerability in Easy-XML
High
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
Kimai has an XXE Leading to Local File Read
High
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
High
CVE-2024-52007
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Nov 8, 2024
PHPExcel XXE Vulnerability
High
CVE-2015-3542
was published
for
phpoffice/phpexcel
(Composer)
Nov 7, 2024
HAPI FHIR XML External Entity (XXE) vulnerability
High
CVE-2024-51132
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Nov 5, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
Improper Restriction of XML External Entity Reference in python-docx
High
CVE-2016-5851
was published
for
python-docx
(pip)
May 13, 2022
XML External Entity Injection in PyWPS
High
CVE-2021-39371
was published
for
pywps
(pip)
Sep 2, 2021
PySAML2 XML external entity attack
Critical
CVE-2016-10127
was published
for
pysaml2
(pip)
May 17, 2022
Pysaml2 does not sanitize XML responses
High
CVE-2016-10149
was published
for
pysaml2
(pip)
Jul 16, 2018
PyAMF vulnerable to XML external entity (XXE)
High
CVE-2015-8549
was published
for
pyamf
(pip)
May 24, 2022
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28734
was published
for
Plone
(pip)
Apr 7, 2021
Improper Restriction of XML External Entity Reference in Quokka
Critical
CVE-2020-18705
was published
for
quokka
(pip)
Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka
Critical
CVE-2020-18703
was published
for
quokka
(pip)
Aug 30, 2021
XML external entity injection in Terracotta Quartz Scheduler
Critical
CVE-2019-13990
was published
for
org.quartz-scheduler:quartz
(Maven)
Jul 1, 2020
Improper Restriction of XML External Entity Reference in Plone
High
CVE-2020-28736
was published
for
Plone
(pip)
Apr 7, 2021
XML External Entity Reference in Apache NiFi
High
CVE-2023-22832
was published
for
org.apache.nifi:nifi-ccda-processors
(Maven)
Feb 10, 2023
ProTip!
Advisories are also available from the
GraphQL API