Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,062 advisories

Loading
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for org.mule.modules:mule-apikit-module (Maven) May 24, 2022
binary-1024
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete... High Unreviewed
CVE-2018-9375 was published Jan 18, 2025
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of... Moderate Unreviewed
CVE-2018-9379 was published Jan 18, 2025
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an... High Unreviewed
CVE-2025-23195 was published Jan 22, 2025
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML... Moderate Unreviewed
CVE-2016-9563 was published Apr 30, 2022
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML... Low Unreviewed
CVE-2024-42185 was published Jan 23, 2025
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS... Moderate Unreviewed
CVE-2024-5919 was published Nov 14, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and... High Unreviewed
CVE-2024-49352 was published Feb 5, 2025
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges... Moderate Unreviewed
CVE-2023-27652 was published Apr 20, 2023
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing... High Unreviewed
CVE-2024-54171 was published Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database