Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
Concrete CMS vulnerable to XML External Entity Moderate
CVE-2022-43689 was published for concrete5/concrete5 (Composer) Nov 15, 2022
XML External Entity vulnerability in MODX CMS Critical
CVE-2020-25911 was published for modx/revolution (Composer) Nov 1, 2021
XXE Vulnerability in XMLBundle 0.1.7 High
CVE-2017-1000477 was published for desperado/xml-bundle (Composer) May 14, 2022
PHPExcel vulnerable to XXE attacks through libxml Moderate
CVE-2014-2054 was published for phpoffice/phpexcel (Composer) May 17, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2682 was published for zendframework/zendframework1 (Composer) May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2681 was published for zendframework/zendframework1 (Composer) May 14, 2022
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2015-10029 was published for kelvinmo/simplexrd (Composer) Jan 7, 2023
XML External Entity (XXE) vulnerability in the XML data handler Moderate
CVE-2023-38490 was published for getkirby/cms (Composer) Jul 28, 2023
noraj dapatrese
CodeIgniter Rest Server XXE Vulnerability Critical
CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer) May 24, 2022
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
Moodle Arbitrary File Read via XML External Entity vulnerability Moderate
CVE-2014-3543 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack Moderate
CVE-2011-4107 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
XML External Entity in Dashboard Widget Low
CVE-2020-26229 was published for typo3/cms (Composer) Nov 23, 2020
Zend Framework XXE Vulnerability High
CVE-2012-3363 was published for zendframework/zendframework1 (Composer) May 17, 2022
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references High
CVE-2012-4399 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
DotPlant2 Improper Restriction of XML External Entity Reference High
CVE-2020-25750 was published for devgroup/dotplant (Composer) May 24, 2022
getID3 is vulnerable to XML External Entity (XXE) High
CVE-2014-2053 was published for james-heinrich/getid3 (Composer) May 17, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference Critical
CVE-2018-14065 was published for phpoffice/common (Composer) May 14, 2022
SilverStripe XXE Vulnerability in CSSContentParser Moderate
CVE-2020-25817 was published for silverstripe/framework (Composer) May 24, 2022
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
Symfony XXE security vulnerability High
GHSA-rjpm-qmq7-q85w was published for symfony/routing (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database