The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.…

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a r…

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They…

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resou…

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. Howev…

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 thro…

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to prote…

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, …

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1…

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configurati…

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of servi…

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro…

It was discovered that an internal Prosody library to load XML based on libexpat does not prope…

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to…

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows…

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbit…

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana…

SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote a…

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an att…

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document th…

opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vu…

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 b…

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

Nokogiri before 1.5.4 is vulnerable to XXE attacks

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS)…

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of exte…

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a …

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x …

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all exi…

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion…

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a l…

The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to ca…

Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *fee…

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, whi…

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entit…

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and…

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulne…

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML …