GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,062 advisories

Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28734 was published for Plone (pip) Apr 7, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28736 was published for Plone (pip) Apr 7, 2021
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi-ccda-processors (Maven) Feb 10, 2023
exceptionfactory
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability Moderate
CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) Oct 9, 2024
westonsteimel
XXE in petl High
CVE-2020-29128 was published for petl (pip) Dec 2, 2020
nvn1729
Improper Restriction of XML External Entity Reference in pikepdf High
CVE-2021-29421 was published for pikepdf (pip) Apr 20, 2021
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-45293 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
0xshade ixSly
Improper Restriction of XML External Entity Reference in Openpyxl Moderate
CVE-2017-5992 was published for openpyxl (pip) May 17, 2022
chenghlee
OWSLib vulnerable to XML External Entity (XXE) Injection High
CVE-2023-27476 was published for OWSLib (pip) Mar 7, 2023
jorgectf
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
Improper Restriction of XML External Entity Reference in ladon Critical
CVE-2019-1010268 was published for ladon (pip) Jul 26, 2019
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
feedparser denial of service vulnerability High
CVE-2012-2921 was published for feedparser (pip) Jul 24, 2018