GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
163 advisories
Filter by severity
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in...
Critical
Unreviewed
CVE-2024-10218
was published
Nov 12, 2024
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to...
Critical
Unreviewed
CVE-2024-51136
was published
Nov 4, 2024
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of...
Critical
Unreviewed
CVE-2023-20918
was published
Jul 13, 2023
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical
Unreviewed
CVE-2024-7098
was published
Sep 16, 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length...
Critical
Unreviewed
CVE-2024-45490
was published
Aug 30, 2024
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML...
Critical
Unreviewed
CVE-2019-9670
was published
May 24, 2022
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Critical
Unreviewed
CVE-2018-14485
was published
May 24, 2022
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)...
Critical
Unreviewed
CVE-2022-32755
was published
Oct 14, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was...
Critical
Unreviewed
CVE-2023-45612
was published
Oct 9, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External...
Critical
Unreviewed
CVE-2023-35892
was published
Sep 5, 2023
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity...
Critical
Unreviewed
CVE-2023-37364
was published
Aug 3, 2023
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Critical
Unreviewed
CVE-2023-24470
was published
Jun 14, 2023
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection ...
Critical
Unreviewed
CVE-2023-27554
was published
May 11, 2023
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan...
Critical
Unreviewed
CVE-2018-20687
was published
May 24, 2022
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by...
Critical
Unreviewed
CVE-2019-14678
was published
May 24, 2022
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported,...
Critical
Unreviewed
CVE-2019-13625
was published
May 24, 2022
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to...
Critical
Unreviewed
CVE-2019-1903
was published
May 24, 2022
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and...
Critical
Unreviewed
CVE-2018-18471
was published
May 24, 2022
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit...
Critical
Unreviewed
CVE-2018-18406
was published
May 24, 2022
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to...
Critical
Unreviewed
CVE-2018-15506
was published
May 24, 2022
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to...
Critical
Unreviewed
CVE-2019-12154
was published
May 24, 2022
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra...
Critical
Unreviewed
CVE-2018-20160
was published
May 24, 2022
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has...
Critical
Unreviewed
CVE-2018-8940
was published
May 24, 2022
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk...
Critical
Unreviewed
CVE-2019-7442
was published
May 24, 2022
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224...
Critical
Unreviewed
CVE-2019-11677
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API