GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
43 advisories
Filter by severity
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow...
High
Unreviewed
CVE-2024-11622
was published
Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow...
High
Unreviewed
CVE-2024-53674
was published
Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow...
High
Unreviewed
CVE-2024-53675
was published
Nov 27, 2024
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test...
High
Unreviewed
CVE-2022-22834
was published
Mar 11, 2022
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted...
High
Unreviewed
CVE-2024-42374
was published
Aug 13, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-27328
was published
May 3, 2024
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible...
High
Unreviewed
CVE-2023-40612
was published
Aug 23, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)...
High
Unreviewed
CVE-2023-38207
was published
Aug 9, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script...
High
Unreviewed
CVE-2019-25137
was published
May 18, 2023
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack...
High
Unreviewed
CVE-2018-1721
was published
May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:...
High
Unreviewed
CVE-2019-19032
was published
May 24, 2022
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:...
High
Unreviewed
CVE-2019-19031
was published
May 24, 2022
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via...
High
Unreviewed
CVE-2019-17323
was published
May 24, 2022
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka...
High
Unreviewed
CVE-2019-18213
was published
May 24, 2022
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize...
High
Unreviewed
CVE-2023-46214
was published
Nov 16, 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0...
High
Unreviewed
CVE-2023-27253
was published
Mar 18, 2023
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with...
High
Unreviewed
CVE-2022-2458
was published
Aug 11, 2022
D-Link DIR-865L has PHP File Inclusion in the router xml file.
High
Unreviewed
CVE-2013-4857
was published
May 5, 2022
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML...
High
Unreviewed
CVE-2023-22247
was published
Mar 27, 2023
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which...
High
Unreviewed
CVE-2020-29599
was published
May 24, 2022
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an...
High
Unreviewed
CVE-2016-6272
was published
May 14, 2022
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in...
High
Unreviewed
CVE-2018-1000526
was published
May 14, 2022
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type=...
High
Unreviewed
CVE-2018-16784
was published
May 14, 2022
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,...
High
Unreviewed
CVE-2008-5024
was published
May 14, 2022
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized...
High
Unreviewed
CVE-2018-16785
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API