GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
118 advisories
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load...
Critical | Unreviewed | CVE-2021-21830 was published May 24, 2022

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and...
High | Unreviewed | CVE-2020-8479 was published May 24, 2022

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack...
High | Unreviewed | CVE-2018-1721 was published May 24, 2022

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0...
Moderate | Unreviewed | CVE-2019-9892 was published May 24, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)...
Critical | Unreviewed | CVE-2021-38948 was published May 24, 2022

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0...
Moderate | Unreviewed | CVE-2021-22524 was published May 24, 2022

Magento XML Injection vulnerability in the Widgets Update Layout
High | CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022

Magento XML Injection vulnerability in the 'City' field
High | CVE-2021-36020 was published for magento/community-edition (Composer) May 24, 2022

Magento XML Injection vulnerability in the Widgets Module
Critical | CVE-2021-36033 was published for magento/community-edition (Composer) May 24, 2022

Magento has an XML Injection vulnerability
Critical | CVE-2021-36028 was published for magento/community-edition (Composer) May 24, 2022

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via...
High | Unreviewed | CVE-2021-36359 was published May 24, 2022

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection,...
Critical | Unreviewed | CVE-2021-37154 was published May 24, 2022

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior....
High | Unreviewed | CVE-2021-2322 was published May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs...
High | Unreviewed | CVE-2021-31598 was published May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs...
Moderate | Unreviewed | CVE-2021-31347 was published May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs...
Moderate | Unreviewed | CVE-2021-31348 was published May 24, 2022

Magento XML injection in the Widgets module
Critical | CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022

Magento XPath Injection
Critical | CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which...
High | Unreviewed | CVE-2020-29599 was published May 24, 2022

XML injection in Crafter CMS
High | CVE-2017-15683 was published for org.craftercms:crafter-core (Maven) May 24, 2022

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an...
Critical | Unreviewed | CVE-2020-25216 was published May 24, 2022

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1...
Moderate | Unreviewed | CVE-2020-3846 was published May 24, 2022

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate...
High | Unreviewed | CVE-2020-0646 was published May 24, 2022

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML...
Moderate | Unreviewed | CVE-2019-20201 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.