Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Billion laughs attack in c3p0 High
CVE-2019-5427 was published for com.mchange:c3p0 (Maven) Apr 23, 2019
XML Entity Expansion in Pippo High
CVE-2019-5442 was published for ro.pippo:pippo-jaxb (Maven) Jun 13, 2019
XML Entity Expansion and Improper Input Validation in Kubernetes API server High
CVE-2019-11253 was published for k8s.io/kubernetes (Go) May 18, 2021
SnakeYAML Entity Expansion during load operation High
CVE-2017-18640 was published for org.yaml:snakeyaml (Maven) Jun 4, 2021
oliverchang
Billion laughs attack (XML bomb) High
CVE-2021-32623 was published for org.opencastproject:opencast-kernel (Maven) Jun 17, 2021
darolfes Rillke
lkiesow
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
XML Entity Expansion in trytond and proteus High
CVE-2022-26662 was published for proteus (pip) Mar 11, 2022
Inline DTD allows XML bomb attack High
CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack High
CVE-2012-6685 was published for nokogiri (RubyGems) Apr 23, 2022
jhutchings1
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which... High Unreviewed
CVE-2003-1564 was published Apr 29, 2022
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,... High Unreviewed
CVE-2011-3288 was published May 17, 2022
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that... High Unreviewed
CVE-2015-9541 was published May 24, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur... High Unreviewed
CVE-2020-9352 was published May 24, 2022
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with... High Unreviewed
CVE-2020-3946 was published May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing... High Unreviewed
CVE-2020-25186 was published May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed
CVE-2021-28302 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity... High Unreviewed
CVE-2021-20453 was published May 24, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive... High Unreviewed
CVE-2018-10868 was published May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different... High Unreviewed
CVE-2021-38490 was published May 24, 2022
Apache Solr vulnerable to XML Bomb High
CVE-2019-12401 was published for org.apache.solr:solr-core (Maven) May 24, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack... High Unreviewed
CVE-2021-40511 was published Jun 22, 2022
untangle vulnerable to XML Entity Expansion High
CVE-2022-33977 was published for untangle (pip) Aug 6, 2022
Uncontrolled Resource Consumption in snakeyaml High
CVE-2022-25857 was published for org.yaml:snakeyaml (Maven) Aug 31, 2022
wonda-tea-coffee
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege... High Unreviewed
CVE-2022-34430 was published Oct 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database