Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

27 advisories

Loading
Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed
CVE-2024-27141 was published Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed
CVE-2024-27142 was published Jun 14, 2024
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack Moderate Unreviewed
CVE-2022-28652 was published Jun 5, 2024
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile... Moderate Unreviewed
CVE-2023-52426 was published Feb 4, 2024
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI... Moderate Unreviewed
CVE-2023-41635 was published Aug 31, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Moderate Unreviewed
CVE-2023-3569 was published Aug 8, 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A... Moderate Unreviewed
CVE-2023-20052 was published Mar 1, 2023
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials... Moderate Unreviewed
CVE-2022-44641 was published Nov 18, 2022
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All... Moderate Unreviewed
CVE-2022-34467 was published Jul 13, 2022
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior... Moderate Unreviewed
CVE-2021-31842 was published May 24, 2022
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all... Moderate Unreviewed
CVE-2021-3541 was published May 24, 2022
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related... Moderate Unreviewed
CVE-2020-15303 was published May 24, 2022
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build... Moderate Unreviewed
CVE-2021-28973 was published May 24, 2022
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity... Moderate Unreviewed
CVE-2020-24665 was published May 24, 2022
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could... Moderate Unreviewed
CVE-2021-1267 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-27017 was published May 24, 2022
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.... Moderate Unreviewed
CVE-2020-24591 was published May 24, 2022
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML... Moderate Unreviewed
CVE-2020-24589 was published May 24, 2022
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3... Moderate Unreviewed
CVE-2020-24052 was published May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML... Moderate Unreviewed
CVE-2020-4481 was published May 24, 2022
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack... Moderate Unreviewed
CVE-2020-4377 was published May 24, 2022
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by... Moderate Unreviewed
CVE-2020-9354 was published May 24, 2022
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0... Moderate Unreviewed
CVE-2019-20104 was published May 24, 2022
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows... Moderate Unreviewed
CVE-2011-1755 was published May 17, 2022
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,... Moderate Unreviewed
CVE-2009-1955 was published May 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database