GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,572
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,986
Maven 5,163
npm 3,703
NuGet 661
pip 3,329
Pub 11
RubyGems 884
Rust 843
Swift 36

Unreviewed advisories

All unreviewed 234,068

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

69 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0... Moderate Unreviewed

CVE-2019-9892 was published May 24, 2022

ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection. Moderate Unreviewed

CVE-2022-25356 was published Apr 6, 2022

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.... Critical Unreviewed

CVE-2021-4140 was published Dec 22, 2022

Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks... High Unreviewed

CVE-2015-3932 was published May 17, 2022

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could... High Unreviewed

CVE-2022-33739 was published Jun 17, 2022

Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping... High Unreviewed

CVE-2015-3931 was published May 17, 2022

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may... High Unreviewed

CVE-2017-5654 was published May 17, 2022

IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks... Moderate Unreviewed

CVE-2016-2932 was published May 17, 2022

XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an... High Unreviewed

CVE-2022-27233 was published Nov 11, 2022

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0... High Unreviewed

CVE-2022-22784 was published May 19, 2022

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a... High Unreviewed

CVE-2019-12787 was published May 24, 2022

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1... Moderate Unreviewed

CVE-2020-3846 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed

CVE-2021-36022 was published May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs... Moderate Unreviewed

CVE-2021-31347 was published May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs... High Unreviewed

CVE-2021-31598 was published May 24, 2022

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior.... High Unreviewed

CVE-2021-2322 was published May 24, 2022

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs... Moderate Unreviewed

CVE-2021-31348 was published May 24, 2022

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection,... Critical Unreviewed

CVE-2021-37154 was published May 24, 2022

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via... High Unreviewed

CVE-2021-36359 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed

CVE-2021-36028 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed

CVE-2021-36033 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed

CVE-2021-36020 was published May 24, 2022

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0... Moderate Unreviewed

CVE-2021-22524 was published May 24, 2022

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and... High Unreviewed

CVE-2020-8479 was published May 24, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)... Critical Unreviewed

CVE-2021-38948 was published May 24, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

69 advisories