GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,014
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,393
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
233 advisories
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate
Unreviewed
CVE-2022-46286 was published Mar 22, 2023
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate
Unreviewed
CVE-2022-46300 was published Mar 22, 2023
SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker...
Moderate
Unreviewed
CVE-2023-26461 was published Mar 14, 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
Moderate
Unreviewed
CVE-2023-20052 was published Mar 1, 2023
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver...
Moderate
Unreviewed
CVE-2023-26267 was published Feb 21, 2023
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX...
Moderate
Unreviewed
CVE-2023-22322 was published Jan 30, 2023
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic....
Moderate
Unreviewed
CVE-2022-4818 was published Dec 28, 2022
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line...
Moderate
Unreviewed
CVE-2022-37911 was published Dec 12, 2022
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom...
Moderate
Unreviewed
CVE-2022-46827 was published Dec 8, 2022
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2...
Moderate
Unreviewed
CVE-2022-45326 was published Dec 6, 2022
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External...
Moderate
Unreviewed
CVE-2022-40771 was published Nov 23, 2022
A vulnerability in the module import function of the administrative interface of Cisco Firepower...
Moderate
Unreviewed
CVE-2022-20938 was published Nov 16, 2022
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash...
Moderate
Unreviewed
CVE-2022-45194 was published Nov 12, 2022
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform...
Moderate
Unreviewed
CVE-2022-43570 was published Nov 5, 2022
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an...
Moderate
Unreviewed
CVE-2022-3338 was published Oct 18, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an...
Moderate
Unreviewed
CVE-2022-38419 was published Oct 15, 2022
Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity ...
Moderate
Unreviewed
CVE-2022-38342 was published Sep 14, 2022
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows...
Moderate
Unreviewed
CVE-2022-2330 was published Aug 31, 2022
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling...
Moderate
Unreviewed
CVE-2022-2838 was published Aug 17, 2022
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's...
Moderate
Unreviewed
CVE-2020-14379 was published Aug 17, 2022
Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
Moderate
Unreviewed
CVE-2022-34001 was published Jul 20, 2022
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote...
Moderate
Unreviewed
CVE-2021-20839 was published May 24, 2022
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML...
Moderate
Unreviewed
CVE-2021-20801 was published May 24, 2022
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE...
Moderate
Unreviewed
CVE-2021-40439 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate
Unreviewed
CVE-2021-34706 was published May 24, 2022