Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.opensaml/xmltooling@1.4.1
purl pkg:maven/org.opensaml/xmltooling@1.4.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-z9nz-nkff-kfez XML eXternal Entity (XXE) flaw in ParserPool and Decrypter The `BasicParserPool`, `StaticBasicParserPool`, XML Decrypter, and SAML Decrypter in this package set the expandEntityReferences property to `true`, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration. CVE-2013-6440
GHSA-v723-58jv-2qc4

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:31:11.383546+00:00 GitLab Importer Fixing VCID-z9nz-nkff-kfez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.opensaml/xmltooling/CVE-2013-6440.yml 38.4.0
2026-04-11T21:41:33.857413+00:00 GitLab Importer Fixing VCID-z9nz-nkff-kfez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.opensaml/xmltooling/CVE-2013-6440.yml 38.3.0
2026-04-02T21:55:45.406333+00:00 GitLab Importer Fixing VCID-z9nz-nkff-kfez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.opensaml/xmltooling/CVE-2013-6440.yml 38.1.0
2026-04-01T12:46:51.624862+00:00 GitLab Importer Fixing VCID-z9nz-nkff-kfez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.opensaml/xmltooling/CVE-2013-6440.yml 38.0.0