GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,262
Erlang: 31
GitHub Actions: 21
Go: 2,029
Maven: 5,000+
npm: 3,731
NuGet: 662
pip: 3,408
Pub: 12
RubyGems: 891
Rust: 864
Swift: 36

Unreviewed advisories (all unreviewed): 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
15 advisories listed:
CVE-2021-4140 (Critical, Unreviewed), published Dec 22, 2022: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox....
CVE-2021-36022 (Critical, Unreviewed), published May 24, 2022: Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
CVE-2021-37154 (Critical, Unreviewed), published May 24, 2022: In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection,...
CVE-2021-36028 (Critical, Unreviewed), published May 24, 2022: Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
CVE-2021-36033 (Critical, Unreviewed), published May 24, 2022: Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
CVE-2021-38948 (Critical, Unreviewed), published May 24, 2022: IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)...
CVE-2021-21830 (Critical, Unreviewed), published May 24, 2022: A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load...
CVE-2021-21829 (Critical, Unreviewed), published May 24, 2022: A heap-based buffer overflow vulnerability exists in the XML Decompression...
CVE-2013-7429 (Critical, Unreviewed), published May 17, 2022: The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection...
CVE-2020-25216 (Critical, Unreviewed), published May 24, 2022: yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an...
CVE-2019-14277 (Critical, Unreviewed), published May 24, 2022: Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is...
CVE-2019-16941 (Critical, Unreviewed), published May 24, 2022: NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if...
CVE-2023-43187 (Critical, Unreviewed), published Sep 27, 2023: A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum...
CVE-2022-32755 (Critical, Unreviewed), published Oct 14, 2023: IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
CVE-2024-51136 (Critical, Unreviewed), published Nov 4, 2024: An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
ProTip! Advisories are also available from the GraphQL API.