Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
Feedgen Vulnerable to XML Denial of Service Attacks High
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
Moderate severity vulnerability that affects org.restlet.jse:org.restlet Moderate
CVE-2014-1868 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
Inline DTD allows XML bomb attack High
CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be... Moderate Unreviewed
CVE-2021-20464 was published Apr 23, 2022
Improper Restriction of Recursive Entity References in DTDs in Apache POI Moderate
CVE-2017-5644 was published for org.apache.poi:poi (Maven) May 13, 2022
Improper Restriction of Recursive Entity References in Apache XMLBeans Critical
CVE-2021-23926 was published for org.apache.xmlbeans:xmlbeans (Maven) Jun 16, 2021
It has been discovered that redhat-certification does not properly limit the number of recursive... High Unreviewed
CVE-2018-10868 was published May 24, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack... High Unreviewed
CVE-2021-40511 was published Jun 22, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege... High Unreviewed
CVE-2022-34430 was published Oct 11, 2022
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All... Moderate Unreviewed
CVE-2022-34467 was published Jul 13, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials... Moderate Unreviewed
CVE-2022-44641 was published Nov 18, 2022
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0... Moderate Unreviewed
CVE-2019-20104 was published May 24, 2022
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by... Moderate Unreviewed
CVE-2020-9354 was published May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-4481 was published May 24, 2022
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML... Moderate Unreviewed
CVE-2020-24589 was published May 24, 2022
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack... Moderate Unreviewed
CVE-2020-4377 was published May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed
CVE-2020-24591 was published May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3... Moderate Unreviewed
CVE-2020-24052 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-27017 was published May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing... High Unreviewed
CVE-2020-25186 was published May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity... Moderate Unreviewed
CVE-2020-24665 was published May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed
CVE-2021-28302 was published May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed
CVE-2021-1267 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity... High Unreviewed
CVE-2021-20453 was published May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed
CVE-2020-15303 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API