Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script... High Unreviewed
CVE-2019-25137 was published May 18, 2023
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML... High Unreviewed
CVE-2023-22247 was published Mar 27, 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0... High Unreviewed
CVE-2023-27253 was published Mar 18, 2023
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.... Critical Unreviewed
CVE-2021-4140 was published Dec 22, 2022
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to... High Unreviewed
CVE-2022-35259 was published Dec 6, 2022
XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an... High Unreviewed
CVE-2022-27233 was published Nov 11, 2022
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of... Moderate Unreviewed
CVE-2022-22243 was published Oct 18, 2022
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an... Moderate Unreviewed
CVE-2022-22244 was published Oct 18, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2022-34253 was published for magento/community-edition (Composer) Aug 17, 2022
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with... High Unreviewed
CVE-2022-2458 was published Aug 11, 2022
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could... High Unreviewed
CVE-2022-33739 was published Jun 17, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression... Critical Unreviewed
CVE-2021-21829 was published May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load... Critical Unreviewed
CVE-2021-21830 was published May 24, 2022
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and... High Unreviewed
CVE-2020-8479 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack... High Unreviewed
CVE-2018-1721 was published May 24, 2022
XML Injection in ReportLab Critical
CVE-2019-17626 was published for reportlab (pip) May 24, 2022
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0... Moderate Unreviewed
CVE-2019-9892 was published May 24, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2021-38948 was published May 24, 2022
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0... Moderate Unreviewed
CVE-2021-22524 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36022 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed
CVE-2021-36020 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36028 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36033 was published May 24, 2022
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via... High Unreviewed
CVE-2021-36359 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database