Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
Layout XML Arbitrary Code Fix High
CVE-2021-32758 was published for openmage/magento-lts (Composer) Aug 30, 2021
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
Magento XPath Injection Critical
CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022
Magento XML injection in the Widgets module Critical
CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2022-34253 was published for magento/community-edition (Composer) Aug 17, 2022
Magento 2 Community Edition XML Injection Critical
CVE-2019-8158 was published for magento/community-edition (Composer) May 24, 2022
robrichards/xmlseclibs XPath injection High
GHSA-2g98-f9jv-w8c5 was published for robrichards/xmlseclibs (Composer) May 20, 2024
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
ProTip! Advisories are also available from the GraphQL API