GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
98 advisories
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
High | CVE-2026-26278 was published for fast-xml-parser (npm) | Feb 17, 2026

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of...
High | Unreviewed | CVE-2024-28757 was published | Mar 10, 2024

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile...
Moderate | Unreviewed | CVE-2023-52426 was published | Feb 4, 2024

Apache Tiles: Unvalidated input may lead to path traversal and XXE
High | CVE-2023-49735 was published for org.apache.struts:struts-tiles (Maven) | Dec 1, 2023

REXML denial of service vulnerability
High | CVE-2024-43398 was published for rexml (RubyGems) | Aug 22, 2024

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions...
Moderate | Unreviewed | CVE-2025-20369 was published | Oct 1, 2025

REXML has DoS condition when parsing malformed XML file
Low | CVE-2025-58767 was published for rexml (RubyGems) | Sep 17, 2025

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5,...
Moderate | Unreviewed | CVE-2025-5466 was published | Aug 12, 2025

XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304)...
Critical | Unreviewed | CVE-2019-19144 was published | Aug 1, 2025

LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
High | CVE-2025-3225 was published for llama-index-readers-papers (pip) | Jul 7, 2025

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials...
Moderate | Unreviewed | CVE-2022-44641 was published | Nov 18, 2022

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an...
Moderate | Unreviewed | CVE-2008-3281 was published | May 1, 2022

XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical | CVE-2023-24441 was published for org.jvnet.hudson.plugins:mstest (Maven) | Jan 26, 2023

An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data...
Moderate | Unreviewed | CVE-2025-0617 was published | Jan 29, 2025

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could...
Moderate | Unreviewed | CVE-2021-1267 was published | May 24, 2022

XML2Dict XML Entity Expansion Vulnerability
High | CVE-2021-25951 was published for XML2Dict (pip) | Jul 2, 2021

untangle vulnerable to XML Entity Expansion
High | CVE-2022-33977 was published for untangle (pip) | Aug 6, 2022

ebookmeta XML External Entity vulnerability
High | CVE-2024-37388 was published for ebookmeta (pip) | Jun 7, 2024

Feedgen Vulnerable to XML Denial of Service Attacks
Moderate | CVE-2020-5227 was published for feedgen (pip) | Jan 28, 2020

ebookmeta XML External Entity vulnerability
High | CVE-2024-36827 was published for ebookmeta (pip) | Jun 7, 2024

Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate | Unreviewed | CVE-2024-27142 was published | Jun 14, 2024

Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate | Unreviewed | CVE-2024-27141 was published | Jun 14, 2024

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including...
High | Unreviewed | CVE-2024-28982 was published | Jun 27, 2024

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
Moderate | Unreviewed | CVE-2022-28652 was published | Jun 5, 2024

Zend-JSON vulnerable to XXE/XEE attacks
Critical | GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) | Jun 7, 2024