GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Authenticated XML External Entity Processing
Moderate
GHSA-8xv9-qcr9-ww9j
was published
for
shopware/core
(Composer)
Oct 19, 2020
Moodle Arbitrary File Read via XML External Entity vulnerability
Moderate
CVE-2014-3543
was published
for
moodle/moodle
(Composer)
May 13, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2682
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2683
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
Several Zend Products Vulnerable to XXE and XEE attacks
Moderate
CVE-2014-2681
was published
for
zendframework/zendframework1
(Composer)
May 14, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
Moderate
CVE-2011-4107
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Moderate
CVE-2015-5161
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
PHPExcel vulnerable to XXE attacks through libxml
Moderate
CVE-2014-2054
was published
for
phpoffice/phpexcel
(Composer)
May 17, 2022
Zend Framework XXE Vulnerability
Moderate
CVE-2012-5657
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
SilverStripe XXE Vulnerability in CSSContentParser
Moderate
CVE-2020-25817
was published
for
silverstripe/framework
(Composer)
May 24, 2022
Concrete CMS vulnerable to XML External Entity
Moderate
CVE-2022-43689
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
XML External Entity (XXE) vulnerability in the XML data handler
Moderate
CVE-2023-38490
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API