GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
69 advisories
Filter by severity
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted...
High
Unreviewed
CVE-2024-42374
was published
Aug 13, 2024
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1...
Moderate
Unreviewed
CVE-2023-35858
was published
Jun 13, 2024
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This...
Moderate
Unreviewed
CVE-2023-32173
was published
May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-27328
was published
May 3, 2024
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize...
High
Unreviewed
CVE-2023-46214
was published
Nov 16, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum...
Critical
Unreviewed
CVE-2023-43187
was published
Sep 27, 2023
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible...
High
Unreviewed
CVE-2023-40612
was published
Aug 23, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)...
High
Unreviewed
CVE-2023-38207
was published
Aug 9, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)...
Moderate
Unreviewed
CVE-2023-29289
was published
Jun 15, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script...
High
Unreviewed
CVE-2019-25137
was published
May 18, 2023
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML...
High
Unreviewed
CVE-2023-22247
was published
Mar 27, 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0...
High
Unreviewed
CVE-2023-27253
was published
Mar 18, 2023
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox....
Critical
Unreviewed
CVE-2021-4140
was published
Dec 22, 2022
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to...
High
Unreviewed
CVE-2022-35259
was published
Dec 6, 2022
XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an...
High
Unreviewed
CVE-2022-27233
was published
Nov 11, 2022
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an...
Moderate
Unreviewed
CVE-2022-22244
was published
Oct 18, 2022
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of...
Moderate
Unreviewed
CVE-2022-22243
was published
Oct 18, 2022
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with...
High
Unreviewed
CVE-2022-2458
was published
Aug 11, 2022
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could...
High
Unreviewed
CVE-2022-33739
was published
Jun 17, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression...
Critical
Unreviewed
CVE-2021-21829
was published
May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load...
Critical
Unreviewed
CVE-2021-21830
was published
May 24, 2022
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and...
High
Unreviewed
CVE-2020-8479
was published
May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack...
High
Unreviewed
CVE-2018-1721
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API