Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security... Moderate Unreviewed
CVE-2024-2645 was published Mar 20, 2024
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application... Moderate Unreviewed
CVE-2024-2648 was published Mar 20, 2024
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8... High Unreviewed
CVE-2024-47113 was published Jan 18, 2025
veraPDF has potential XSLT injection vulnerability when using policy files High
CVE-2024-28109 was published for org.verapdf:core (Maven) May 20, 2024
binary-1024
A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved... Critical Unreviewed
CVE-2024-25413 was published Feb 16, 2024
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible... High Unreviewed
CVE-2024-34740 was published Aug 16, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53674 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53675 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-11622 was published Nov 27, 2024
Modoboa is vulnerable to an XML External Entity Injection (XXE) High
CVE-2019-19702 was published for modoboa-dmarc (pip) May 24, 2022
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while... Moderate Unreviewed
CVE-2024-33858 was published May 7, 2024
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to... Critical Unreviewed
CVE-2024-51136 was published Nov 4, 2024
XML Injection in ReportLab Critical
CVE-2019-17626 was published for reportlab (pip) May 24, 2022
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
XML Injection in python-libnmap High
CVE-2019-1010017 was published for python-libnmap (pip) Jul 18, 2019
Duplicate Advisory: XML Injection in petl Critical
GHSA-69q2-p9xp-739v was published for petl (pip) Apr 20, 2021 withdrawn
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test... High Unreviewed
CVE-2022-22834 was published Mar 11, 2022
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted... High Unreviewed
CVE-2024-42374 was published Aug 13, 2024
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1... Moderate Unreviewed
CVE-2023-35858 was published Jun 13, 2024
robrichards/xmlseclibs XPath injection High
GHSA-2g98-f9jv-w8c5 was published for robrichards/xmlseclibs (Composer) May 20, 2024
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This... Moderate Unreviewed
CVE-2023-32173 was published May 3, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-27328 was published May 3, 2024
ReportLab vulnerable to remote code execution via paraparser Critical
CVE-2019-19450 was published for reportlab (pip) Sep 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database