GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could...
Moderate
Unreviewed
CVE-2021-1267
was published
May 24, 2022
XML2Dict XML Entity Expansion Vulnerability
High
CVE-2021-25951
was published
for
XML2Dict
(pip)
Jul 2, 2021
untangle vulnerable to XML Entity Expansion
High
CVE-2022-33977
was published
for
untangle
(pip)
Aug 6, 2022
REXML denial of service vulnerability
High
CVE-2024-43398
was published
for
rexml
(RubyGems)
Aug 22, 2024
ebookmeta XML External Entity vulnerability
High
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
Feedgen Vulnerable to XML Denial of Service Attacks
Moderate
CVE-2020-5227
was published
for
feedgen
(pip)
Jan 28, 2020
ebookmeta XML External Entity vulnerability
High
CVE-2024-36827
was published
for
ebookmeta
(pip)
Jun 7, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate
Unreviewed
CVE-2024-27142
was published
Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate
Unreviewed
CVE-2024-27141
was published
Jun 14, 2024
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including...
High
Unreviewed
CVE-2024-28982
was published
Jun 27, 2024
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
Moderate
Unreviewed
CVE-2022-28652
was published
Jun 5, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
Zendframework Denial of Service vector via XEE injection
High
GHSA-2jx7-xg83-j2m7
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
symfony/validator XML Entity Expansion vulnerability
High
GHSA-4vf2-qfg3-7598
was published
for
symfony/validator
(Composer)
May 30, 2024
symfony/translation XML Entity Expansion vulnerability
High
GHSA-f75p-x5vm-83qp
was published
for
symfony/translation
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-q2gc-gg3x-7942
was published
for
symfony/symfony
(Composer)
May 30, 2024
SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI...
Moderate
Unreviewed
CVE-2023-41635
was published
Aug 31, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD...
Moderate
Unreviewed
CVE-2023-3569
was published
Aug 8, 2023
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build...
Moderate
Unreviewed
CVE-2021-28973
was published
May 24, 2022
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with...
High
Unreviewed
CVE-2020-3946
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API