GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,133
Erlang: 29
GitHub Actions: 19
Go: 1,940
Maven: 5,000+
npm: 3,677
NuGet: 645
pip: 3,295
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
84 advisories

Improper Restriction of XML External Entity Reference in Quokka
Critical: CVE-2020-18705 was published for quokka (pip), Aug 30, 2021

Improper Restriction of XML External Entity Reference in Quokka
Critical: CVE-2020-18703 was published for quokka (pip), Aug 30, 2021

XML external entity injection in Terracotta Quartz Scheduler
Critical: CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven), Jul 1, 2020

Improper Restriction of XML External Entity Reference in ladon
Critical: CVE-2019-1010268 was published for ladon (pip), Jul 26, 2019

XML External Entity vulnerability in Easy-XML
Critical: CVE-2020-26705 was published for easy-xml (pip), Nov 1, 2021

ebookmeta XML External Entity vulnerability
Critical: CVE-2024-37388 was published for ebookmeta (pip), Jun 7, 2024

Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical: CVE-2024-34102 was published for magento/community-edition (Composer), Jun 13, 2024

XML External Entity Reference in drools
Critical: CVE-2021-41411 was published for org.drools:drools-core (Maven), Jun 17, 2022

Zend-JSON vulnerable to XXE/XEE attacks
Critical: GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer), Jun 7, 2024

ZendFramework potential XML eXternal Entity injection vectors
Critical: GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer), Jun 7, 2024

ZendFramework vulnerable to XXE/XEE attacks
Critical: GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer), Jun 7, 2024

Zendframework vulnerable to XXE/XEE attacks
Critical: GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer), Jun 7, 2024

Symfony XML decoding attack vector through external entities
Critical: GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer), May 30, 2024

PHPOffice Common Improper Restriction of XML External Entity Reference
Critical: CVE-2018-14065 was published for phpoffice/common (Composer), May 14, 2022

Apache ActiveMQ Apollo XXE Vulnerability
Critical: CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven), May 14, 2022

Remote code execution occurs in Apache Solr
Critical: CVE-2017-12629 was published for org.apache.solr:solr-core (Maven), Oct 17, 2018

Improper Restriction of XML External Entity Reference in pippo-core
Critical: CVE-2018-20059 was published for ro.pippo:pippo-core (Maven), Dec 19, 2018

java-xmlbuilder vulnerable to XML External Entity Reference
Critical: CVE-2014-125087 was published for com.jamesmurty.utils:java-xmlbuilder (Maven), Feb 19, 2023

aXMLRPC XML External Entity vulnerability
Critical: CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven), Jan 5, 2023

XML External Entity Reference in weixin-java-tools
Critical: CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven), May 14, 2022

XML Entity Expansion in Jenkins TestComplete support Plugin
Critical: CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven), Jan 26, 2023

Apache is vulnerable to XXE in XSD validation processor
Critical: CVE-2018-8027 was published for org.apache.camel:camel-core (Maven), Oct 16, 2018

Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical: CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven), May 14, 2022

XXE vulnerability in Jenkins Generic Webhook Trigger Plugin
Critical: CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven), May 24, 2022

CodeIgniter Rest Server XXE Vulnerability
Critical: CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer), May 24, 2022

ProTip! Advisories are also available from the GraphQL API.