Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

92 advisories

robrichards/xmlseclibs XPath injection High
GHSA-2g98-f9jv-w8c5 was published for robrichards/xmlseclibs (Composer) May 20, 2024
veraPDF has potential XSLT injection vulnerability when using policy files High
CVE-2024-28109 was published for org.verapdf:core (Maven) May 20, 2024
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This... Moderate Unreviewed
CVE-2023-32173 was published May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-27328 was published May 3, 2024
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize... High Unreviewed
CVE-2023-46214 was published Nov 16, 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2022-32755 was published Oct 14, 2023
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum... Critical Unreviewed
CVE-2023-43187 was published Sep 27, 2023
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
ReportLab vulnerable to remote code execution via paraparser Critical
CVE-2019-19450 was published for reportlab (pip) Sep 20, 2023
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible... High Unreviewed
CVE-2023-40612 was published Aug 23, 2023
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier)... High Unreviewed
CVE-2023-38207 was published Aug 9, 2023
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)... Moderate Unreviewed
CVE-2023-29289 was published Jun 15, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script... High Unreviewed
CVE-2019-25137 was published May 18, 2023
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML... High Unreviewed
CVE-2023-22247 was published Mar 27, 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0... High Unreviewed
CVE-2023-27253 was published Mar 18, 2023
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.... Critical Unreviewed
CVE-2021-4140 was published Dec 22, 2022
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to... High Unreviewed
CVE-2022-35259 was published Dec 6, 2022
XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an... High Unreviewed
CVE-2022-27233 was published Nov 11, 2022
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an... Moderate Unreviewed
CVE-2022-22244 was published Oct 18, 2022
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of... Moderate Unreviewed
CVE-2022-22243 was published Oct 18, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2022-34253 was published for magento/community-edition (Composer) Aug 17, 2022
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with... High Unreviewed
CVE-2022-2458 was published Aug 11, 2022
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could... High Unreviewed
CVE-2022-33739 was published Jun 17, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression... Critical Unreviewed
CVE-2021-21829 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API