Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin Critical
CVE-2023-24441 was published for org.jvnet.hudson.plugins:mstest (Maven) Jan 26, 2023
tfonfara
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials... Moderate Unreviewed
CVE-2022-44641 was published Nov 18, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed
CVE-2022-42745 was published Nov 4, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege... High Unreviewed
CVE-2022-34430 was published Oct 11, 2022
Uncontrolled Resource Consumption in snakeyaml High
CVE-2022-25857 was published for org.yaml:snakeyaml (Maven) Aug 31, 2022
wonda-tea-coffee
untangle vulnerable to XML Entity Expansion High
CVE-2022-33977 was published for untangle (pip) Aug 6, 2022
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All... Moderate Unreviewed
CVE-2022-34467 was published Jul 13, 2022
Quadratic blowup in Convert::xml2array() Moderate
CVE-2021-41559 was published for silverstripe/framework (Composer) Jun 29, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack... High Unreviewed
CVE-2021-40511 was published Jun 22, 2022
Apache Solr vulnerable to XML Bomb High
CVE-2019-12401 was published for org.apache.solr:solr-core (Maven) May 24, 2022
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior... Moderate Unreviewed
CVE-2021-31842 was published May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different... High Unreviewed
CVE-2021-38490 was published May 24, 2022
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all... Moderate Unreviewed
CVE-2021-3541 was published May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed
CVE-2020-15303 was published May 24, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive... High Unreviewed
CVE-2018-10868 was published May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity... High Unreviewed
CVE-2021-20453 was published May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed
CVE-2021-28973 was published May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed
CVE-2021-28302 was published May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity... Moderate Unreviewed
CVE-2020-24665 was published May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed
CVE-2021-1267 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-27017 was published May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing... High Unreviewed
CVE-2020-25186 was published May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed
CVE-2020-24591 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database