Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

69 advisories

Loading
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to... Critical Unreviewed
CVE-2024-51136 was published Nov 4, 2024
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test... High Unreviewed
CVE-2022-22834 was published Mar 11, 2022
BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted... High Unreviewed
CVE-2024-42374 was published Aug 13, 2024
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1... Moderate Unreviewed
CVE-2023-35858 was published Jun 13, 2024
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This... Moderate Unreviewed
CVE-2023-32173 was published May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-27328 was published May 3, 2024
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible... High Unreviewed
CVE-2023-40612 was published Aug 23, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-32755 was published Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum... Critical Unreviewed
CVE-2023-43187 was published Sep 27, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)... High Unreviewed
CVE-2023-38207 was published Aug 9, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)... Moderate Unreviewed
CVE-2023-29289 was published Jun 15, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script... High Unreviewed
CVE-2019-25137 was published May 18, 2023
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack... High Unreviewed
CVE-2018-1721 was published May 24, 2022
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML... Moderate Unreviewed
CVE-2019-20201 was published May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19032 was published May 24, 2022
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19031 was published May 24, 2022
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via... High Unreviewed
CVE-2019-17323 was published May 24, 2022
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka... High Unreviewed
CVE-2019-18213 was published May 24, 2022
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1,... Moderate Unreviewed
CVE-2019-0370 was published May 24, 2022
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if... Critical Unreviewed
CVE-2019-16941 was published May 24, 2022
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is... Critical Unreviewed
CVE-2019-14277 was published May 24, 2022
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize... High Unreviewed
CVE-2023-46214 was published Nov 16, 2023
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an... Critical Unreviewed
CVE-2020-25216 was published May 24, 2022
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0... High Unreviewed
CVE-2023-27253 was published Mar 18, 2023
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with... High Unreviewed
CVE-2022-2458 was published Aug 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database