Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack... Moderate Unreviewed
CVE-2020-4377 was published May 24, 2022
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML... Moderate Unreviewed
CVE-2020-24589 was published May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-4481 was published May 24, 2022
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by... Moderate Unreviewed
CVE-2020-9354 was published May 24, 2022
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0... Moderate Unreviewed
CVE-2019-20104 was published May 24, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials... Moderate Unreviewed
CVE-2022-44641 was published Nov 18, 2022
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All... Moderate Unreviewed
CVE-2022-34467 was published Jul 13, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege... High Unreviewed
CVE-2022-34430 was published Oct 11, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack... High Unreviewed
CVE-2021-40511 was published Jun 22, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive... High Unreviewed
CVE-2018-10868 was published May 24, 2022
Improper Restriction of Recursive Entity References in Apache XMLBeans Critical
CVE-2021-23926 was published for org.apache.xmlbeans:xmlbeans (Maven) Jun 16, 2021
Improper Restriction of Recursive Entity References in DTDs in Apache POI Moderate
CVE-2017-5644 was published for org.apache.poi:poi (Maven) May 13, 2022
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be... Moderate Unreviewed
CVE-2021-20464 was published Apr 23, 2022
Inline DTD allows XML bomb attack High
CVE-2019-15160 was published for sweet_xml (Erlang) Apr 12, 2022
Moderate severity vulnerability that affects org.restlet.jse:org.restlet Moderate
CVE-2014-1868 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database