GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin
Critical
CVE-2023-24443
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
Jan 26, 2023
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Critical
CVE-2023-24441
was published
for
org.jvnet.hudson.plugins:mstest
(Maven)
Jan 26, 2023
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials...
Moderate
Unreviewed
CVE-2022-44641
was published
Nov 18, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High
Unreviewed
CVE-2022-42745
was published
Nov 4, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege...
High
Unreviewed
CVE-2022-34430
was published
Oct 11, 2022
Uncontrolled Resource Consumption in snakeyaml
High
CVE-2022-25857
was published
for
org.yaml:snakeyaml
(Maven)
Aug 31, 2022
untangle vulnerable to XML Entity Expansion
High
CVE-2022-33977
was published
for
untangle
(pip)
Aug 6, 2022
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All...
Moderate
Unreviewed
CVE-2022-34467
was published
Jul 13, 2022
Quadratic blowup in Convert::xml2array()
Moderate
CVE-2021-41559
was published
for
silverstripe/framework
(Composer)
Jun 29, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack...
High
Unreviewed
CVE-2021-40511
was published
Jun 22, 2022
Apache Solr vulnerable to XML Bomb
High
CVE-2019-12401
was published
for
org.apache.solr:solr-core
(Maven)
May 24, 2022
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior...
Moderate
Unreviewed
CVE-2021-31842
was published
May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different...
High
Unreviewed
CVE-2021-38490
was published
May 24, 2022
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all...
Moderate
Unreviewed
CVE-2021-3541
was published
May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related...
Moderate
Unreviewed
CVE-2020-15303
was published
May 24, 2022
It has been discovered that redhat-certification does not properly limit the number of recursive...
High
Unreviewed
CVE-2018-10868
was published
May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity...
High
Unreviewed
CVE-2021-20453
was published
May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build...
Moderate
Unreviewed
CVE-2021-28973
was published
May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument...
High
Unreviewed
CVE-2021-28302
was published
May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity...
Moderate
Unreviewed
CVE-2020-24665
was published
May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could...
Moderate
Unreviewed
CVE-2021-1267
was published
May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML...
Moderate
Unreviewed
CVE-2020-27017
was published
May 24, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing...
High
Unreviewed
CVE-2020-25186
was published
May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates....
Moderate
Unreviewed
CVE-2020-24591
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API