GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive...
High
Unreviewed
CVE-2018-10868
was published
May 24, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack...
High
Unreviewed
CVE-2021-40511
was published
Jun 22, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege...
High
Unreviewed
CVE-2022-34430
was published
Oct 11, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing...
High
Unreviewed
CVE-2020-25186
was published
May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument...
High
Unreviewed
CVE-2021-28302
was published
May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity...
High
Unreviewed
CVE-2021-20453
was published
May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different...
High
Unreviewed
CVE-2021-38490
was published
May 24, 2022
Billion laughs attack in c3p0
High
CVE-2019-5427
was published
for
com.mchange:c3p0
(Maven)
Apr 23, 2019
XML Entity Expansion in Pippo
High
CVE-2019-5442
was published
for
ro.pippo:pippo-jaxb
(Maven)
Jun 13, 2019
Billion laughs attack (XML bomb)
High
CVE-2021-32623
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jun 17, 2021
XML Entity Expansion in trytond and proteus
High
CVE-2022-26662
was published
for
proteus
(pip)
Mar 11, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
Apache Solr vulnerable to XML Bomb
High
CVE-2019-12401
was published
for
org.apache.solr:solr-core
(Maven)
May 24, 2022
kaml has potential denial of service while parsing input with anchors and aliases
High
CVE-2023-28118
was published
for
com.charleskorn.kaml:kaml
(Maven)
Mar 20, 2023
SnakeYAML Entity Expansion during load operation
High
CVE-2017-18640
was published
for
org.yaml:snakeyaml
(Maven)
Jun 4, 2021
untangle vulnerable to XML Entity Expansion
High
CVE-2022-33977
was published
for
untangle
(pip)
Aug 6, 2022
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the...
High
Unreviewed
CVE-2023-49967
was published
Dec 7, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE
High
CVE-2023-49735
was published
for
org.apache.tiles:tiles-core
(Maven)
Dec 1, 2023
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which...
High
Unreviewed
CVE-2003-1564
was published
Apr 29, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High
Unreviewed
CVE-2022-42745
was published
Nov 4, 2022
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,...
High
Unreviewed
CVE-2011-3288
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API