GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,405

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

162 advisories

Filter by severity

Sort by

Least recently updated

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to... Critical Unreviewed

CVE-2024-51136 was published Nov 4, 2024

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure... Critical Unreviewed

CVE-2024-7098 was published Sep 16, 2024

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length... Critical Unreviewed

CVE-2024-45490 was published Aug 30, 2024

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code... Critical Unreviewed

CVE-2023-26999 was published Jan 9, 2024

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a... Critical Unreviewed

CVE-2023-52252 was published Dec 30, 2023

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed

CVE-2022-32755 was published Oct 14, 2023

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was... Critical Unreviewed

CVE-2023-45612 was published Oct 9, 2023

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External... Critical Unreviewed

CVE-2023-35892 was published Sep 5, 2023

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no... Critical Unreviewed

CVE-2022-48565 was published Aug 22, 2023

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. Critical Unreviewed

CVE-2023-32567 was published Aug 10, 2023

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity... Critical Unreviewed

CVE-2023-37364 was published Aug 3, 2023

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of... Critical Unreviewed

CVE-2023-20918 was published Jul 13, 2023

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Critical Unreviewed

CVE-2023-24470 was published Jun 14, 2023

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ... Critical Unreviewed

CVE-2023-27554 was published May 11, 2023

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external... Critical Unreviewed

CVE-2023-28150 was published Mar 25, 2023

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML... Critical Unreviewed

CVE-2023-28151 was published Mar 24, 2023

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external... Critical Unreviewed

CVE-2023-28152 was published Mar 24, 2023

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE... Critical Unreviewed

CVE-2023-1288 was published Mar 9, 2023

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary... Critical Unreviewed

CVE-2023-24189 was published Feb 25, 2023

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects... Critical Unreviewed

CVE-2015-10082 was published Feb 21, 2023

An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0... Critical Unreviewed

CVE-2022-39954 was published Feb 16, 2023

XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. Critical Unreviewed

CVE-2022-45588 was published Feb 3, 2023

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed

CVE-2022-38389 was published Feb 3, 2023

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity... Critical Unreviewed

CVE-2022-22486 was published Feb 3, 2023

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). Critical Unreviewed

CVE-2022-47873 was published Feb 1, 2023

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

162 advisories