GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
XML External Entity Injection in PyWPS
High
CVE-2021-39371
was published
for
pywps
(pip)
Sep 2, 2021
XML Injection in python-libnmap
High
CVE-2019-1010017
was published
for
python-libnmap
(pip)
Jul 18, 2019
Duplicate Advisory: XML Injection in petl
Critical
GHSA-69q2-p9xp-739v
was published
for
petl
(pip)
Apr 20, 2021
•
withdrawn
Modoboa is vulnerable to an XML External Entity Injection (XXE)
High
CVE-2019-19702
was published
for
modoboa-dmarc
(pip)
May 24, 2022
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test...
High
Unreviewed
CVE-2022-22834
was published
Mar 11, 2022
XXE in PHPSpreadsheet due to encoding issue
High
CVE-2018-19277
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted...
High
Unreviewed
CVE-2024-42374
was published
Aug 13, 2024
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1...
Moderate
Unreviewed
CVE-2023-35858
was published
Jun 13, 2024
robrichards/xmlseclibs XPath injection
High
GHSA-2g98-f9jv-w8c5
was published
for
robrichards/xmlseclibs
(Composer)
May 20, 2024
veraPDF has potential XSLT injection vulnerability when using policy files
High
CVE-2024-28109
was published
for
org.verapdf:core
(Maven)
May 20, 2024
codehaus-plexus vulnerable to XML injection
Moderate
CVE-2022-4245
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
Sep 25, 2023
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This...
Moderate
Unreviewed
CVE-2023-32173
was published
May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-27328
was published
May 3, 2024
ReportLab vulnerable to remote code execution via paraparser
Critical
CVE-2019-19450
was published
for
reportlab
(pip)
Sep 20, 2023
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible...
High
Unreviewed
CVE-2023-40612
was published
Aug 23, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum...
Critical
Unreviewed
CVE-2023-43187
was published
Sep 27, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)...
High
Unreviewed
CVE-2023-38207
was published
Aug 9, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)...
Moderate
Unreviewed
CVE-2023-29289
was published
Jun 15, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script...
High
Unreviewed
CVE-2019-25137
was published
May 18, 2023
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack...
High
Unreviewed
CVE-2018-1721
was published
May 24, 2022
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML...
Moderate
Unreviewed
CVE-2019-20201
was published
May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:...
High
Unreviewed
CVE-2019-19032
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API