GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be...
Moderate
Unreviewed
CVE-2021-20464
was published
Apr 23, 2022
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
XML Entity Expansion in trytond and proteus
High
CVE-2022-26662
was published
for
proteus
(pip)
Mar 11, 2022
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Critical
CVE-2022-23640
was published
for
com.monitorjbl:xlsx-streamer
(Maven)
Mar 2, 2022
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
Billion laughs attack (XML bomb)
High
CVE-2021-32623
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jun 17, 2021
Improper Restriction of Recursive Entity References in Apache XMLBeans
Critical
CVE-2021-23926
was published
for
org.apache.xmlbeans:xmlbeans
(Maven)
Jun 16, 2021
SnakeYAML Entity Expansion during load operation
High
CVE-2017-18640
was published
for
org.yaml:snakeyaml
(Maven)
Jun 4, 2021
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Feedgen Vulnerable to XML Denial of Service Attacks
Moderate
CVE-2020-5227
was published
for
feedgen
(pip)
Jan 28, 2020
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
XML Entity Expansion in Pippo
High
CVE-2019-5442
was published
for
ro.pippo:pippo-jaxb
(Maven)
Jun 13, 2019
Billion laughs attack in c3p0
High
CVE-2019-5427
was published
for
com.mchange:c3p0
(Maven)
Apr 23, 2019
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Moderate
CVE-2014-1868
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Nokogiri vulnerable to libxml XML Entity Expansion
Moderate
CVE-2015-1819
was published
for
nokogiri
(RubyGems)
Aug 8, 2018
ProTip!
Advisories are also available from the
GraphQL API