Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that... High Unreviewed
CVE-2022-50902 was published Jan 14, 2026
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated... High Unreviewed
CVE-2025-1545 was published Dec 5, 2025
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. ... High Unreviewed
CVE-2025-24404 was published Sep 9, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection... High Unreviewed
CVE-2025-49538 was published Jul 8, 2025
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8... High Unreviewed
CVE-2024-47113 was published Jan 18, 2025
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53675 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-53674 was published Nov 27, 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed
CVE-2024-11622 was published Nov 27, 2024
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible... High Unreviewed
CVE-2024-34740 was published Aug 16, 2024
BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted... High Unreviewed
CVE-2024-42374 was published Aug 13, 2024
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-27328 was published May 3, 2024
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize... High Unreviewed
CVE-2023-46214 was published Nov 16, 2023
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible... High Unreviewed
CVE-2023-40612 was published Aug 23, 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script... High Unreviewed
CVE-2019-25137 was published May 18, 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0... High Unreviewed
CVE-2023-27253 was published Mar 18, 2023
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to... High Unreviewed
CVE-2022-35259 was published Dec 6, 2022
XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an... High Unreviewed
CVE-2022-27233 was published Nov 11, 2022
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with... High Unreviewed
CVE-2022-2458 was published Aug 11, 2022
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could... High Unreviewed
CVE-2022-33739 was published Jun 17, 2022
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and... High Unreviewed
CVE-2020-8479 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack... High Unreviewed
CVE-2018-1721 was published May 24, 2022
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via... High Unreviewed
CVE-2021-36359 was published May 24, 2022
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior.... High Unreviewed
CVE-2021-2322 was published May 24, 2022
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs... High Unreviewed
CVE-2021-31598 was published May 24, 2022
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which... High Unreviewed
CVE-2020-29599 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database