GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
164 advisories
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can...
Critical, Unreviewed. CVE-2024-40896 was published Dec 23, 2024

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in...
Critical, Unreviewed. CVE-2024-10218 was published Nov 12, 2024

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical, Unreviewed. CVE-2024-51136 was published Nov 4, 2024

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of...
Critical, Unreviewed. CVE-2023-20918 was published Jul 13, 2023

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical, Unreviewed. CVE-2024-7098 was published Sep 16, 2024

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length...
Critical, Unreviewed. CVE-2024-45490 was published Aug 30, 2024

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML...
Critical, Unreviewed. CVE-2019-9670 was published May 24, 2022

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Critical, Unreviewed. CVE-2018-14485 was published May 24, 2022

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical, Unreviewed. CVE-2022-32755 was published Oct 14, 2023

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical, Unreviewed. CVE-2023-45612 was published Oct 9, 2023

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical, Unreviewed. CVE-2023-35892 was published Sep 5, 2023

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical, Unreviewed. CVE-2023-37364 was published Aug 3, 2023

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Critical, Unreviewed. CVE-2023-24470 was published Jun 14, 2023

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ...
Critical, Unreviewed. CVE-2023-27554 was published May 11, 2023

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan...
Critical, Unreviewed. CVE-2018-20687 was published May 24, 2022

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by...
Critical, Unreviewed. CVE-2019-14678 was published May 24, 2022

NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported,...
Critical, Unreviewed. CVE-2019-13625 was published May 24, 2022

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to...
Critical, Unreviewed. CVE-2019-1903 was published May 24, 2022

/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and...
Critical, Unreviewed. CVE-2018-18471 was published May 24, 2022

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit...
Critical, Unreviewed. CVE-2018-18406 was published May 24, 2022

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to...
Critical, Unreviewed. CVE-2018-15506 was published May 24, 2022

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to...
Critical, Unreviewed. CVE-2019-12154 was published May 24, 2022

ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra...
Critical, Unreviewed. CVE-2018-20160 was published May 24, 2022

ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has...
Critical, Unreviewed. CVE-2018-8940 was published May 24, 2022

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk...
Critical, Unreviewed. CVE-2019-7442 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.