Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Loading
XML Injection in ReportLab Critical
CVE-2019-17626 was published for reportlab (pip) May 24, 2022
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0... Moderate Unreviewed
CVE-2019-9892 was published May 24, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed
CVE-2021-38948 was published May 24, 2022
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0... Moderate Unreviewed
CVE-2021-22524 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed
CVE-2021-36020 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36022 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36028 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36033 was published May 24, 2022
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via... High Unreviewed
CVE-2021-36359 was published May 24, 2022
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection,... Critical Unreviewed
CVE-2021-37154 was published May 24, 2022
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior.... High Unreviewed
CVE-2021-2322 was published May 24, 2022
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs... High Unreviewed
CVE-2021-31598 was published May 24, 2022
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs... Moderate Unreviewed
CVE-2021-31348 was published May 24, 2022
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs... Moderate Unreviewed
CVE-2021-31347 was published May 24, 2022
Magento XML injection in the Widgets module Critical
CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022
Magento XPath Injection Critical
CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which... High Unreviewed
CVE-2020-29599 was published May 24, 2022
XML injection in Crafter CMS High
CVE-2017-15683 was published for org.craftercms:crafter-core (Maven) May 24, 2022
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an... Critical Unreviewed
CVE-2020-25216 was published May 24, 2022
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1... Moderate Unreviewed
CVE-2020-3846 was published May 24, 2022
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate... High Unreviewed
CVE-2020-0646 was published May 24, 2022
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML... Moderate Unreviewed
CVE-2019-20201 was published May 24, 2022
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19032 was published May 24, 2022
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is:... High Unreviewed
CVE-2019-19031 was published May 24, 2022
Modoboa is vulnerable to an XML External Entity Injection (XXE) High
CVE-2019-19702 was published for modoboa-dmarc (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database