GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Critical
CVE-2021-3902
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Critical
CVE-2023-49733
was published
for
org.apache.cocoon:cocoon
(Maven)
Nov 30, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
weixin-python XML External Entity vulnerability
Critical
CVE-2018-25082
was published
for
weixin-python
(pip)
Mar 21, 2023
java-xmlbuilder vulnerable to XML External Entity Reference
Critical
CVE-2014-125087
was published
for
com.jamesmurty.utils:java-xmlbuilder
(Maven)
Feb 19, 2023
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Critical
CVE-2023-24429
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Jan 26, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Critical
CVE-2023-24430
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Jan 26, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2015-10029
was published
for
kelvinmo/simplexrd
(Composer)
Jan 7, 2023
dssp vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2016-15011
was published
for
be.e_contract.dssp:dssp-client
(Maven)
Jan 6, 2023
bonita-connector-webservice XML External Entity vulnerability
Critical
CVE-2020-36640
was published
for
org.bonitasoft.connectors:bonita-connector-webservice
(Maven)
Jan 5, 2023
aXMLRPC XML External Entity vulnerability
Critical
CVE-2020-36641
was published
for
fr.turri:aXMLRPC
(Maven)
Jan 5, 2023
iText RUPS XML External Entity vulnerability
Critical
CVE-2017-20151
was published
for
com.itextpdf:itext-rups
(Maven)
Dec 30, 2022
XML External Entity Reference in Jenkins CCCC Plugin
Critical
CVE-2022-45395
was published
for
com.thalesgroup.jenkins-ci.plugins:cccc
(Maven)
Nov 16, 2022
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
Critical
CVE-2021-46849
was published
for
pikepdf
(pip)
Oct 24, 2022
•
withdrawn
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
Critical
CVE-2022-39135
was published
for
org.apache.calcite:calcite-core
(Maven)
Sep 12, 2022
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2
Critical
CVE-2015-8031
was published
for
org.jvnet.hudson.main:hudson-core
(Maven)
Jul 15, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
XML External Entity Reference in drools
Critical
CVE-2021-41411
was published
for
org.drools:drools-core
(Maven)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API