GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
68 advisories
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML...
High | Unreviewed | CVE-2023-22247 was published Mar 27, 2023
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which...
High | Unreviewed | CVE-2020-29599 was published May 24, 2022
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection...
Critical | Unreviewed | CVE-2013-7429 was published May 17, 2022
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an...
High | Unreviewed | CVE-2016-6272 was published May 14, 2022
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in...
High | Unreviewed | CVE-2018-1000526 was published May 14, 2022
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type=...
High | Unreviewed | CVE-2018-16784 was published May 14, 2022
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,...
High | Unreviewed | CVE-2008-5024 was published May 14, 2022
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized...
High | Unreviewed | CVE-2018-16785 was published May 14, 2022
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not...
High | Unreviewed | CVE-2018-2477 was published May 14, 2022
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30,...
High | Unreviewed | CVE-2019-0268 was published May 14, 2022
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of...
Moderate | Unreviewed | CVE-2022-22243 was published Oct 18, 2022
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate...
High | Unreviewed | CVE-2017-10603 was published May 13, 2022
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an...
Moderate | Unreviewed | CVE-2022-22244 was published Oct 18, 2022
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used...
High | Unreviewed | CVE-2019-4539 was published May 24, 2022
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to...
High | Unreviewed | CVE-2022-35259 was published Dec 6, 2022
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an...
High | Unreviewed | CVE-2022-20729 was published May 4, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression...
Critical | Unreviewed | CVE-2021-21829 was published May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load...
Critical | Unreviewed | CVE-2021-21830 was published May 24, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)...
Critical | Unreviewed | CVE-2021-38948 was published May 24, 2022
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and...
High | Unreviewed | CVE-2020-8479 was published May 24, 2022
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0...
Moderate | Unreviewed | CVE-2021-22524 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
High | Unreviewed | CVE-2021-36020 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical | Unreviewed | CVE-2021-36033 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical | Unreviewed | CVE-2021-36028 was published May 24, 2022
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via...
High | Unreviewed | CVE-2021-36359 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.