GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum...
Critical
Unreviewed
CVE-2023-43187
was published
Sep 27, 2023
ReportLab vulnerable to remote code execution via paraparser
Critical
CVE-2019-19450
was published
for
reportlab
(pip)
Sep 20, 2023
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox....
Critical
Unreviewed
CVE-2021-4140
was published
Dec 22, 2022
Magento XML Injection vulnerability in the Widgets Module
Critical
CVE-2022-34253
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression...
Critical
Unreviewed
CVE-2021-21829
was published
May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load...
Critical
Unreviewed
CVE-2021-21830
was published
May 24, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2021-38948
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical
Unreviewed
CVE-2021-36022
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical
Unreviewed
CVE-2021-36028
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical
Unreviewed
CVE-2021-36033
was published
May 24, 2022
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection,...
Critical
Unreviewed
CVE-2021-37154
was published
May 24, 2022
Magento XML injection in the Widgets module
Critical
CVE-2021-21019
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento XPath Injection
Critical
CVE-2021-21025
was published
for
magento/community-edition
(Composer)
May 24, 2022
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an...
Critical
Unreviewed
CVE-2020-25216
was published
May 24, 2022
Magento 2 Community Edition XML Injection
Critical
CVE-2019-8158
was published
for
magento/community-edition
(Composer)
May 24, 2022
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if...
Critical
Unreviewed
CVE-2019-16941
was published
May 24, 2022
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is...
Critical
Unreviewed
CVE-2019-14277
was published
May 24, 2022
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection...
Critical
Unreviewed
CVE-2013-7429
was published
May 17, 2022
Duplicate Advisory: XML Injection in petl
Critical
GHSA-69q2-p9xp-739v
was published
for
petl
(pip)
Apr 20, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API