GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
70 advisories
Filter by severity
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while...
Moderate
Unreviewed
CVE-2024-33858
was published
May 7, 2024
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test...
High
Unreviewed
CVE-2022-22834
was published
Mar 11, 2022
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted...
High
Unreviewed
CVE-2024-42374
was published
Aug 13, 2024
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1...
Moderate
Unreviewed
CVE-2023-35858
was published
Jun 13, 2024
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This...
Moderate
Unreviewed
CVE-2023-32173
was published
May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-27328
was published
May 3, 2024
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible...
High
Unreviewed
CVE-2023-40612
was published
Aug 23, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum...
Critical
Unreviewed
CVE-2023-43187
was published
Sep 27, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)...
High
Unreviewed
CVE-2023-38207
was published
Aug 9, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)...
Moderate
Unreviewed
CVE-2023-29289
was published
Jun 15, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script...
High
Unreviewed
CVE-2019-25137
was published
May 18, 2023
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack...
High
Unreviewed
CVE-2018-1721
was published
May 24, 2022
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML...
Moderate
Unreviewed
CVE-2019-20201
was published
May 24, 2022
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:...
High
Unreviewed
CVE-2019-19031
was published
May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:...
High
Unreviewed
CVE-2019-19032
was published
May 24, 2022
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via...
High
Unreviewed
CVE-2019-17323
was published
May 24, 2022
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka...
High
Unreviewed
CVE-2019-18213
was published
May 24, 2022
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1,...
Moderate
Unreviewed
CVE-2019-0370
was published
May 24, 2022
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if...
Critical
Unreviewed
CVE-2019-16941
was published
May 24, 2022
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is...
Critical
Unreviewed
CVE-2019-14277
was published
May 24, 2022
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize...
High
Unreviewed
CVE-2023-46214
was published
Nov 16, 2023
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an...
Critical
Unreviewed
CVE-2020-25216
was published
May 24, 2022
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0...
High
Unreviewed
CVE-2023-27253
was published
Mar 18, 2023
ProTip!
Advisories are also available from the
GraphQL API