Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,706
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows... Moderate Unreviewed
CVE-2011-1755 was published May 17, 2022
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,... Moderate Unreviewed
CVE-2009-1955 was published May 2, 2022
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed
CVE-2022-42745 was published Nov 4, 2022
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,... High Unreviewed
CVE-2011-3288 was published May 17, 2022
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile... Moderate Unreviewed
CVE-2023-52426 was published Feb 4, 2024
Uncontrolled Resource Consumption in snakeyaml High
CVE-2022-25857 was published for org.yaml:snakeyaml (Maven) Aug 31, 2022
wonda-tea-coffee
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur... High Unreviewed
CVE-2020-9352 was published May 24, 2022
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute... Critical Unreviewed
CVE-2014-2228 was published May 17, 2022
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that... High Unreviewed
CVE-2015-9541 was published May 24, 2022
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with... High Unreviewed
CVE-2020-3946 was published May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed
CVE-2021-28973 was published May 24, 2022
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Moderate Unreviewed
CVE-2023-3569 was published Aug 8, 2023
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI... Moderate Unreviewed
CVE-2023-41635 was published Aug 31, 2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
SilverStripe framework XML Quadratic Blowup Attack Moderate
GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) May 23, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-q2gc-gg3x-7942 was published for symfony/symfony (Composer) May 30, 2024
symfony/translation XML Entity Expansion vulnerability High
GHSA-f75p-x5vm-83qp was published for symfony/translation (Composer) May 30, 2024
symfony/validator XML Entity Expansion vulnerability High
GHSA-4vf2-qfg3-7598 was published for symfony/validator (Composer) May 30, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework Denial of Service vector via XEE injection High
GHSA-2jx7-xg83-j2m7 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database