GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
44 advisories
Filter by severity
Authenticated XML External Entity Processing
Moderate
GHSA-8xv9-qcr9-ww9j
was published
for
shopware/core
(Composer)
Oct 19, 2020
Concrete CMS vulnerable to XML External Entity
Moderate
CVE-2022-43689
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
XML External Entity vulnerability in MODX CMS
Critical
CVE-2020-25911
was published
for
modx/revolution
(Composer)
Nov 1, 2021
XXE Vulnerability in XMLBundle 0.1.7
High
CVE-2017-1000477
was published
for
desperado/xml-bundle
(Composer)
May 14, 2022
PHPExcel vulnerable to XXE attacks through libxml
Moderate
CVE-2014-2054
was published
for
phpoffice/phpexcel
(Composer)
May 17, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2683
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2682
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2681
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2015-10029
was published
for
kelvinmo/simplexrd
(Composer)
Jan 7, 2023
XML External Entity (XXE) vulnerability in the XML data handler
Moderate
CVE-2023-38490
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
CodeIgniter Rest Server XXE Vulnerability
Critical
CVE-2015-3907
was published
for
chriskacerguis/codeigniter-restserver
(Composer)
May 24, 2022
Zend Framework XXE Vulnerability
Moderate
CVE-2012-5657
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Moodle Arbitrary File Read via XML External Entity vulnerability
Moderate
CVE-2014-3543
was published
for
moodle/moodle
(Composer)
May 13, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Moderate
CVE-2015-5161
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
Moderate
CVE-2011-4107
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
XML External Entity in Dashboard Widget
Low
CVE-2020-26229
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Zend Framework XXE Vulnerability
High
CVE-2012-3363
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
High
CVE-2012-4399
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
DotPlant2 Improper Restriction of XML External Entity Reference
High
CVE-2020-25750
was published
for
devgroup/dotplant
(Composer)
May 24, 2022
getID3 is vulnerable to XML External Entity (XXE)
High
CVE-2014-2053
was published
for
james-heinrich/getid3
(Composer)
May 17, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference
Critical
CVE-2018-14065
was published
for
phpoffice/common
(Composer)
May 14, 2022
SilverStripe XXE Vulnerability in CSSContentParser
Moderate
CVE-2020-25817
was published
for
silverstripe/framework
(Composer)
May 24, 2022
Symfony XML Entity Expansion security vulnerability
High
GHSA-c636-cg5r-2498
was published
for
symfony/dependency-injection
(Composer)
May 29, 2024
Symfony XXE security vulnerability
High
GHSA-rjpm-qmq7-q85w
was published
for
symfony/routing
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API