Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

497 advisories

Loading
Improper Restriction of XML External Entity Reference in python-docx High
CVE-2016-5851 was published for python-docx (pip) May 13, 2022
tdunlap607
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
Pysaml2 does not sanitize XML responses High
CVE-2016-10149 was published for pysaml2 (pip) Jul 16, 2018
PyAMF vulnerable to XML external entity (XXE) High
CVE-2015-8549 was published for pyamf (pip) May 24, 2022
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28734 was published for Plone (pip) Apr 7, 2021
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28736 was published for Plone (pip) Apr 7, 2021
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
XXE in petl High
CVE-2020-29128 was published for petl (pip) Dec 2, 2020
nvn1729
Improper Restriction of XML External Entity Reference in pikepdf High
CVE-2021-29421 was published for pikepdf (pip) Apr 20, 2021
OWSLib vulnerable to XML External Entity (XXE) Injection High
CVE-2023-27476 was published for OWSLib (pip) Mar 7, 2023
jorgectf
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
feedparser denial of service vulnerability High
CVE-2012-2921 was published for feedparser (pip) Jul 24, 2018
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component:... High Unreviewed
CVE-2023-21862 was published Jan 18, 2023
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before... High Unreviewed
CVE-2024-37397 was published Sep 12, 2024
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. High Unreviewed
CVE-2023-37233 was published Sep 10, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC... High Unreviewed
CVE-2024-22218 was published Aug 15, 2024
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to... High Unreviewed
CVE-2024-38653 was published Aug 14, 2024
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to... High Unreviewed
CVE-2024-6893 was published Aug 8, 2024
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External... High Unreviewed
CVE-2023-50304 was published Jul 18, 2024
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application ... High Unreviewed
CVE-2023-49110 was published Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database