GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
142 advisories
Filter by severity
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
DataEase has an XML External Entity Reference vulnerability
High
CVE-2024-46985
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
High
CVE-2024-46984
was published
for
de.gematik.refv.commons:commons
(Maven)
Sep 19, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
High
CVE-2023-48362
was published
for
org.apache.drill.exec:drill-java-exec
(Maven)
Jul 24, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
High
CVE-2024-38374
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Jun 24, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
High
GHSA-229x-22xc-2f2w
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
High
GHSA-4j9x-g4x8-vcmf
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Symfony XXE security vulnerability
High
GHSA-rjpm-qmq7-q85w
was published
for
symfony/routing
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-c636-cg5r-2498
was published
for
symfony/dependency-injection
(Composer)
May 29, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
fonttools XML External Entity Injection (XXE) Vulnerability
High
CVE-2023-45139
was published
for
fonttools
(pip)
Jan 9, 2024
Jenkins MATLAB Plugin XML External Entity vulnerability
High
CVE-2023-49656
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
High
CVE-2023-41933
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Sep 6, 2023
Apache Ivy External Entity Reference vulnerability
High
CVE-2022-46751
was published
for
org.apache.ivy:ivy
(Maven)
Aug 21, 2023
OpenNMS Horizon XXE Injection Vulnerability
High
CVE-2023-0871
was published
for
org.opennms.core:org.opennms.core.xml
(Maven)
Aug 11, 2023
Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability
High
CVE-2023-28685
was published
for
org.jenkins-ci.plugins:absint-a3
(Maven)
Jul 6, 2023
py-xml XML External Entity Injection vulnerability
High
CVE-2020-26709
was published
for
py-xml
(pip)
Jun 29, 2023
easy-parse XML External Entity Injection vulnerability
High
CVE-2020-26710
was published
for
easy-parse
(pip)
Jun 29, 2023
requests-xml XML External Entity Injection vulnerability
High
CVE-2020-26708
was published
for
requests-xml
(pip)
Jun 29, 2023
HuTool XML parsing module has blind XXE vulnerability
High
CVE-2023-3276
was published
for
cn.hutool:hutool-core
(Maven)
Jun 15, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28680
was published
for
org.jenkins-ci.plugins:crap4j
(Maven)
Apr 2, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks
High
CVE-2023-28681
was published
for
org.jenkins-ci.plugins:vs-code-metrics
(Maven)
Apr 2, 2023
ProTip!
Advisories are also available from the
GraphQL API