GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
686 advisories
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing...
High | Unreviewed | CVE-2023-27876 was published Apr 7, 2023

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate | Unreviewed | CVE-2023-20030 was published Apr 5, 2023

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including...
Moderate | Unreviewed | CVE-2022-43941 was published Apr 3, 2023

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of...
Moderate | Unreviewed | CVE-2022-43473 was published Mar 30, 2023

This vulnerability allows remote attackers to disclose sensitive information on affected...
High | Unreviewed | CVE-2022-36969 was published Mar 29, 2023

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external...
Critical | Unreviewed | CVE-2023-28150 was published Mar 25, 2023

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML...
Critical | Unreviewed | CVE-2023-28151 was published Mar 24, 2023

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external...
Critical | Unreviewed | CVE-2023-28152 was published Mar 24, 2023

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate | Unreviewed | CVE-2022-43512 was published Mar 22, 2023

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate | Unreviewed | CVE-2022-41696 was published Mar 22, 2023

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate | Unreviewed | CVE-2022-45121 was published Mar 22, 2023

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate | Unreviewed | CVE-2022-46286 was published Mar 22, 2023

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate | Unreviewed | CVE-2022-46300 was published Mar 22, 2023

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user...
Moderate | Unreviewed | CVE-2022-45468 was published Mar 22, 2023

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when...
High | Unreviewed | CVE-2023-27874 was published Mar 21, 2023

SAP NetWeaver (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker...
Moderate | Unreviewed | CVE-2023-26461 was published Mar 14, 2023

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE...
Critical | Unreviewed | CVE-2023-1288 was published Mar 9, 2023

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
Moderate | Unreviewed | CVE-2023-20052 was published Mar 1, 2023

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2023-24189 was published Feb 25, 2023

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious...
High | Unreviewed | CVE-2023-20855 was published Feb 22, 2023

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects...
Critical | Unreviewed | CVE-2015-10082 was published Feb 21, 2023

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver...
Moderate | Unreviewed | CVE-2023-26267 was published Feb 21, 2023

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the...
High | Unreviewed | CVE-2021-33950 was published Feb 17, 2023

An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0...
Critical | Unreviewed | CVE-2022-39954 was published Feb 16, 2023

Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection...
High | Unreviewed | CVE-2023-24323 was published Feb 9, 2023
ProTip! Advisories are also available from the GraphQL API.