GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,017
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
43 advisories
Filter by severity
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks...
High
Unreviewed
CVE-2015-3932
was published
May 17, 2022
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could...
High
Unreviewed
CVE-2022-33739
was published
Jun 17, 2022
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping...
High
Unreviewed
CVE-2015-3931
was published
May 17, 2022
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may...
High
Unreviewed
CVE-2017-5654
was published
May 17, 2022
XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an...
High
Unreviewed
CVE-2022-27233
was published
Nov 11, 2022
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0...
High
Unreviewed
CVE-2022-22784
was published
May 19, 2022
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a...
High
Unreviewed
CVE-2019-12787
was published
May 24, 2022
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs...
High
Unreviewed
CVE-2021-31598
was published
May 24, 2022
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior....
High
Unreviewed
CVE-2021-2322
was published
May 24, 2022
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via...
High
Unreviewed
CVE-2021-36359
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
High
Unreviewed
CVE-2021-36020
was published
May 24, 2022
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and...
High
Unreviewed
CVE-2020-8479
was published
May 24, 2022
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an...
High
Unreviewed
CVE-2022-20729
was published
May 4, 2022
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to...
High
Unreviewed
CVE-2022-35259
was published
Dec 6, 2022
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used...
High
Unreviewed
CVE-2019-4539
was published
May 24, 2022
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate...
High
Unreviewed
CVE-2017-10603
was published
May 13, 2022
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30,...
High
Unreviewed
CVE-2019-0268
was published
May 14, 2022
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not...
High
Unreviewed
CVE-2018-2477
was published
May 14, 2022
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized...
High
Unreviewed
CVE-2018-16785
was published
May 14, 2022
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,...
High
Unreviewed
CVE-2008-5024
was published
May 14, 2022
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type=...
High
Unreviewed
CVE-2018-16784
was published
May 14, 2022
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in...
High
Unreviewed
CVE-2018-1000526
was published
May 14, 2022
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an...
High
Unreviewed
CVE-2016-6272
was published
May 14, 2022
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which...
High
Unreviewed
CVE-2020-29599
was published
May 24, 2022
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML...
High
Unreviewed
CVE-2023-22247
was published
Mar 27, 2023
ProTip!
Advisories are also available from the
GraphQL API