GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27 advisories
Filter by severity
Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate
Unreviewed
CVE-2024-27142
was published
Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate
Unreviewed
CVE-2024-27141
was published
Jun 14, 2024
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
Moderate
Unreviewed
CVE-2022-28652
was published
Jun 5, 2024
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile...
Moderate
Unreviewed
CVE-2023-52426
was published
Feb 4, 2024
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI...
Moderate
Unreviewed
CVE-2023-41635
was published
Aug 31, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD...
Moderate
Unreviewed
CVE-2023-3569
was published
Aug 8, 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
Moderate
Unreviewed
CVE-2023-20052
was published
Mar 1, 2023
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials...
Moderate
Unreviewed
CVE-2022-44641
was published
Nov 18, 2022
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All...
Moderate
Unreviewed
CVE-2022-34467
was published
Jul 13, 2022
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior...
Moderate
Unreviewed
CVE-2021-31842
was published
May 24, 2022
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all...
Moderate
Unreviewed
CVE-2021-3541
was published
May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related...
Moderate
Unreviewed
CVE-2020-15303
was published
May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build...
Moderate
Unreviewed
CVE-2021-28973
was published
May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity...
Moderate
Unreviewed
CVE-2020-24665
was published
May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could...
Moderate
Unreviewed
CVE-2021-1267
was published
May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML...
Moderate
Unreviewed
CVE-2020-27017
was published
May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates....
Moderate
Unreviewed
CVE-2020-24591
was published
May 24, 2022
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML...
Moderate
Unreviewed
CVE-2020-24589
was published
May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3...
Moderate
Unreviewed
CVE-2020-24052
was published
May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML...
Moderate
Unreviewed
CVE-2020-4481
was published
May 24, 2022
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack...
Moderate
Unreviewed
CVE-2020-4377
was published
May 24, 2022
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by...
Moderate
Unreviewed
CVE-2020-9354
was published
May 24, 2022
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0...
Moderate
Unreviewed
CVE-2019-20104
was published
May 24, 2022
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows...
Moderate
Unreviewed
CVE-2011-1755
was published
May 17, 2022
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,...
Moderate
Unreviewed
CVE-2009-1955
was published
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API