GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,640
Composer 4,231
Erlang 31
GitHub Actions 20
Go 1,991
Maven 5,178
npm 3,709
NuGet 661
pip 3,341
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 234,615

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

43 advisories

Filter by severity

Sort by

Least recently updated

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including... High Unreviewed

CVE-2024-28982 was published Jun 27, 2024

Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed

CVE-2024-27142 was published Jun 14, 2024

Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed

CVE-2024-27141 was published Jun 14, 2024

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack Moderate Unreviewed

CVE-2022-28652 was published Jun 5, 2024

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile... Moderate Unreviewed

CVE-2023-52426 was published Feb 4, 2024

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the... High Unreviewed

CVE-2023-49967 was published Dec 7, 2023

A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI... Moderate Unreviewed

CVE-2023-41635 was published Aug 31, 2023

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Moderate Unreviewed

CVE-2023-3569 was published Aug 8, 2023

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A... Moderate Unreviewed

CVE-2023-20052 was published Mar 1, 2023

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials... Moderate Unreviewed

CVE-2022-44641 was published Nov 18, 2022

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed

CVE-2022-42745 was published Nov 4, 2022

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege... High Unreviewed

CVE-2022-34430 was published Oct 11, 2022

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All... Moderate Unreviewed

CVE-2022-34467 was published Jul 13, 2022

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack... High Unreviewed

CVE-2021-40511 was published Jun 22, 2022

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior... Moderate Unreviewed

CVE-2021-31842 was published May 24, 2022

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different... High Unreviewed

CVE-2021-38490 was published May 24, 2022

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all... Moderate Unreviewed

CVE-2021-3541 was published May 24, 2022

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed

CVE-2020-15303 was published May 24, 2022

It has been discovered that redhat-certification does not properly limit the number of recursive... High Unreviewed

CVE-2018-10868 was published May 24, 2022

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity... High Unreviewed

CVE-2021-20453 was published May 24, 2022

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed

CVE-2021-28973 was published May 24, 2022

A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed

CVE-2021-28302 was published May 24, 2022

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity... Moderate Unreviewed

CVE-2020-24665 was published May 24, 2022

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed

CVE-2021-1267 was published May 24, 2022

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML... Moderate Unreviewed

CVE-2020-27017 was published May 24, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

43 advisories