GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
43 advisories
Filter by severity
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be...
Moderate
Unreviewed
CVE-2021-20464
was published
Apr 23, 2022
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which...
High
Unreviewed
CVE-2003-1564
was published
Apr 29, 2022
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an...
Moderate
Unreviewed
CVE-2008-3281
was published
May 1, 2022
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,...
Moderate
Unreviewed
CVE-2009-1955
was published
May 2, 2022
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows...
Moderate
Unreviewed
CVE-2011-1755
was published
May 17, 2022
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,...
High
Unreviewed
CVE-2011-3288
was published
May 17, 2022
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute...
Critical
Unreviewed
CVE-2014-2228
was published
May 17, 2022
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that...
High
Unreviewed
CVE-2015-9541
was published
May 24, 2022
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0...
Moderate
Unreviewed
CVE-2019-20104
was published
May 24, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur...
High
Unreviewed
CVE-2020-9352
was published
May 24, 2022
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by...
Moderate
Unreviewed
CVE-2020-9354
was published
May 24, 2022
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with...
High
Unreviewed
CVE-2020-3946
was published
May 24, 2022
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack...
Moderate
Unreviewed
CVE-2020-4377
was published
May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML...
Moderate
Unreviewed
CVE-2020-4481
was published
May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3...
Moderate
Unreviewed
CVE-2020-24052
was published
May 24, 2022
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML...
Moderate
Unreviewed
CVE-2020-24589
was published
May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates....
Moderate
Unreviewed
CVE-2020-24591
was published
May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing...
High
Unreviewed
CVE-2020-25186
was published
May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML...
Moderate
Unreviewed
CVE-2020-27017
was published
May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could...
Moderate
Unreviewed
CVE-2021-1267
was published
May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity...
Moderate
Unreviewed
CVE-2020-24665
was published
May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument...
High
Unreviewed
CVE-2021-28302
was published
May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build...
Moderate
Unreviewed
CVE-2021-28973
was published
May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity...
High
Unreviewed
CVE-2021-20453
was published
May 24, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive...
High
Unreviewed
CVE-2018-10868
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API