GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
99 advisories
Filter by severity
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow...
High
Unreviewed
CVE-2024-11622
was published
Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow...
High
Unreviewed
CVE-2024-53675
was published
Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow...
High
Unreviewed
CVE-2024-53674
was published
Nov 27, 2024
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted...
High
Unreviewed
CVE-2024-42374
was published
Aug 13, 2024
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1...
Moderate
Unreviewed
CVE-2023-35858
was published
Jun 13, 2024
robrichards/xmlseclibs XPath injection
High
GHSA-2g98-f9jv-w8c5
was published
for
robrichards/xmlseclibs
(Composer)
May 20, 2024
veraPDF has potential XSLT injection vulnerability when using policy files
High
CVE-2024-28109
was published
for
org.verapdf:core
(Maven)
May 20, 2024
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while...
Moderate
Unreviewed
CVE-2024-33858
was published
May 7, 2024
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This...
Moderate
Unreviewed
CVE-2023-32173
was published
May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-27328
was published
May 3, 2024
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize...
High
Unreviewed
CVE-2023-46214
was published
Nov 16, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum...
Critical
Unreviewed
CVE-2023-43187
was published
Sep 27, 2023
codehaus-plexus vulnerable to XML injection
Moderate
CVE-2022-4245
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
Sep 25, 2023
ReportLab vulnerable to remote code execution via paraparser
Critical
CVE-2019-19450
was published
for
reportlab
(pip)
Sep 20, 2023
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible...
High
Unreviewed
CVE-2023-40612
was published
Aug 23, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)...
High
Unreviewed
CVE-2023-38207
was published
Aug 9, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)...
Moderate
Unreviewed
CVE-2023-29289
was published
Jun 15, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script...
High
Unreviewed
CVE-2019-25137
was published
May 18, 2023
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML...
High
Unreviewed
CVE-2023-22247
was published
Mar 27, 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0...
High
Unreviewed
CVE-2023-27253
was published
Mar 18, 2023
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox....
Critical
Unreviewed
CVE-2021-4140
was published
Dec 22, 2022
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
High
CVE-2022-46464
was published
for
concrete5/concrete5
(Composer)
Dec 6, 2022
•
withdrawn
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to...
High
Unreviewed
CVE-2022-35259
was published
Dec 6, 2022
ProTip!
Advisories are also available from the
GraphQL API