Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

81 advisories

Loading
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages Moderate
CVE-2024-52806 was published for simplesamlphp/saml2 (Composer) Dec 2, 2024
ahacker1-securesaml
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability Moderate
CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) Oct 9, 2024
westonsteimel
Improper Restriction of XML External Entity Reference in Openpyxl Moderate
CVE-2017-5992 was published for openpyxl (pip) May 17, 2022
chenghlee
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
ClassGraph XML External Entity Reference Moderate
CVE-2021-47621 was published for io.github.classgraph:classgraph (Maven) Jun 21, 2024
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
SilverStripe XXE Vulnerability in CSSContentParser Moderate
CVE-2020-25817 was published for silverstripe/framework (Composer) May 24, 2022
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
Apache Solr UpdateRequestHandler for XML resolves XML External Entities Moderate
CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
XML external entity expansion in org.apache.solr:solr-core Moderate
CVE-2018-8026 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files Moderate
CVE-2018-8010 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
Moderate severity vulnerability that affects io.vertx:vertx-core Moderate
CVE-2018-12544 was published for io.vertx:vertx-core (Maven) Oct 17, 2018
MarkLee131
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
phpMyAdmin vulnerable to XML external entity (XXE) injection attack Moderate
CVE-2011-4107 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin Moderate
CVE-2023-41932 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000198 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability Moderate
CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
Moodle Arbitrary File Read via XML External Entity vulnerability Moderate
CVE-2014-3543 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Qualys Jenkins Plugin for WAS XML External Entity vulnerability Moderate
CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) Jan 9, 2024
ProTip! Advisories are also available from the GraphQL API