GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,952
Composer 4,274
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,419
Pub 12
RubyGems 891
Rust 872
Swift 36

Unreviewed advisories

All unreviewed 238,571

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

43 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed

CVE-2021-1267 was published May 24, 2022

Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed

CVE-2024-27142 was published Jun 14, 2024

Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed

CVE-2024-27141 was published Jun 14, 2024

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including... High Unreviewed

CVE-2024-28982 was published Jun 27, 2024

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack Moderate Unreviewed

CVE-2022-28652 was published Jun 5, 2024

A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI... Moderate Unreviewed

CVE-2023-41635 was published Aug 31, 2023

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Moderate Unreviewed

CVE-2023-3569 was published Aug 8, 2023

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed

CVE-2021-28973 was published May 24, 2022

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with... High Unreviewed

CVE-2020-3946 was published May 24, 2022

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that... High Unreviewed

CVE-2015-9541 was published May 24, 2022

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute... Critical Unreviewed

CVE-2014-2228 was published May 17, 2022

An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur... High Unreviewed

CVE-2020-9352 was published May 24, 2022

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile... Moderate Unreviewed

CVE-2023-52426 was published Feb 4, 2024

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,... High Unreviewed

CVE-2011-3288 was published May 17, 2022

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This... High Unreviewed

CVE-2022-42745 was published Nov 4, 2022

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,... Moderate Unreviewed

CVE-2009-1955 was published May 2, 2022

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows... Moderate Unreviewed

CVE-2011-1755 was published May 17, 2022

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A... Moderate Unreviewed

CVE-2023-20052 was published Mar 1, 2023

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an... Moderate Unreviewed

CVE-2008-3281 was published May 1, 2022

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which... High Unreviewed

CVE-2003-1564 was published Apr 29, 2022

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the... High Unreviewed

CVE-2023-49967 was published Dec 7, 2023

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior... Moderate Unreviewed

CVE-2021-31842 was published May 24, 2022

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different... High Unreviewed

CVE-2021-38490 was published May 24, 2022

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all... Moderate Unreviewed

CVE-2021-3541 was published May 24, 2022

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed

CVE-2020-15303 was published May 24, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

43 advisories