Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

40 advisories

Loading
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test... High Unreviewed
CVE-2022-22834 was published Mar 11, 2022
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an... High Unreviewed
CVE-2022-20729 was published May 4, 2022
D-Link DIR-865L has PHP File Inclusion in the router xml file. High Unreviewed
CVE-2013-4857 was published May 5, 2022
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate... High Unreviewed
CVE-2017-10603 was published May 13, 2022
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30,... High Unreviewed
CVE-2019-0268 was published May 14, 2022
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not... High Unreviewed
CVE-2018-2477 was published May 14, 2022
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized... High Unreviewed
CVE-2018-16785 was published May 14, 2022
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type=... High Unreviewed
CVE-2018-16784 was published May 14, 2022
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,... High Unreviewed
CVE-2008-5024 was published May 14, 2022
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in... High Unreviewed
CVE-2018-1000526 was published May 14, 2022
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an... High Unreviewed
CVE-2016-6272 was published May 14, 2022
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping... High Unreviewed
CVE-2015-3931 was published May 17, 2022
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks... High Unreviewed
CVE-2015-3932 was published May 17, 2022
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may... High Unreviewed
CVE-2017-5654 was published May 17, 2022
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0... High Unreviewed
CVE-2022-22784 was published May 19, 2022
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a... High Unreviewed
CVE-2019-12787 was published May 24, 2022
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used... High Unreviewed
CVE-2019-4539 was published May 24, 2022
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka... High Unreviewed
CVE-2019-18213 was published May 24, 2022
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via... High Unreviewed
CVE-2019-17323 was published May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19032 was published May 24, 2022
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19031 was published May 24, 2022
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which... High Unreviewed
CVE-2020-29599 was published May 24, 2022
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs... High Unreviewed
CVE-2021-31598 was published May 24, 2022
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior.... High Unreviewed
CVE-2021-2322 was published May 24, 2022
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via... High Unreviewed
CVE-2021-36359 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database