Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Peppol-py is vulnerable to XXE attacks due to Saxon configuration Moderate
CVE-2025-66371 was published for peppol_py (pip) Nov 28, 2025
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing High
CVE-2025-6985 was published for langchain-text-splitters (pip) Oct 6, 2025
chaliy
Credited to chaliy
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
Langroid Allows XXE Injection via XMLToolMessage High
CVE-2025-46726 was published for langroid (pip) May 5, 2025
SCH227
Credited to SCH227
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection High
CVE-2023-26043 was published for GeoNode (pip) Aug 30, 2024
jorgectf
Credited to jorgectf
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
Credited to acornall
easy-parse XML External Entity Injection vulnerability High
CVE-2020-26710 was published for easy-parse (pip) Jun 29, 2023
py-xml XML External Entity Injection vulnerability High
CVE-2020-26709 was published for py-xml (pip) Jun 29, 2023
requests-xml XML External Entity Injection vulnerability High
CVE-2020-26708 was published for requests-xml (pip) Jun 29, 2023
weixin-python XML External Entity vulnerability Critical
CVE-2018-25082 was published for weixin-python (pip) Mar 21, 2023
OWSLib vulnerable to XML External Entity (XXE) Injection High
CVE-2023-27476 was published for OWSLib (pip) Mar 7, 2023
jorgectf
Credited to jorgectf
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf Critical
CVE-2021-46849 was published for pikepdf (pip) Oct 24, 2022 withdrawn
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
untangle vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-31471 was published for untangle (pip) Aug 6, 2022
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
PyAMF vulnerable to XML external entity (XXE) High
CVE-2015-8549 was published for pyamf (pip) May 24, 2022
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
SOAPpy vulnerable to XML External Entity attacks Moderate
CVE-2014-3242 was published for SOAPpy (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database