GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 27,475
Composer 5,369
Erlang 44
GitHub Actions 45
Go 3,248
Maven 6,316
npm 5,215
NuGet 867
pip 4,513
Pub 12
RubyGems 997
Rust 1,189
Swift 51

Unreviewed advisories

All unreviewed 293,990

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

85 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in... Moderate Unreviewed

CVE-2026-28770 was published Mar 4, 2026

XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System ... Moderate Unreviewed

CVE-2026-1554 was published Feb 4, 2026

Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that... High Unreviewed

CVE-2022-50902 was published Jan 14, 2026

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated... High Unreviewed

CVE-2025-1545 was published Dec 5, 2025

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by... Moderate Unreviewed

CVE-2025-12921 was published Nov 10, 2025

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. ... High Unreviewed

CVE-2025-24404 was published Sep 9, 2025

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate... High Unreviewed

CVE-2020-0646 was published May 24, 2022

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML... Moderate Unreviewed

CVE-2025-7473 was published Oct 21, 2025

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1... Moderate Unreviewed

CVE-2025-60833 was published Oct 8, 2025

An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7... Moderate Unreviewed

CVE-2025-47184 was published Aug 21, 2025

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection... Moderate Unreviewed

CVE-2025-54251 was published Sep 9, 2025

ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection. Moderate Unreviewed

CVE-2022-25356 was published Apr 6, 2022

XML Injection vulnerability in xmltodict allows Input Data Manipulation.This issue affects... Moderate Unreviewed

CVE-2025-9375 was published Sep 5, 2025

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection... High Unreviewed

CVE-2025-49538 was published Jul 8, 2025

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.... Critical Unreviewed

CVE-2021-4140 was published Dec 22, 2022

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java... Moderate Unreviewed

CVE-2025-25589 was published Mar 18, 2025

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security... Moderate Unreviewed

CVE-2024-2645 was published Mar 20, 2024

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application... Moderate Unreviewed

CVE-2024-2648 was published Mar 20, 2024

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8... High Unreviewed

CVE-2024-47113 was published Jan 18, 2025

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved... Critical Unreviewed

CVE-2024-25413 was published Feb 16, 2024

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible... High Unreviewed

CVE-2024-34740 was published Aug 16, 2024

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed

CVE-2024-53675 was published Nov 27, 2024

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed

CVE-2024-53674 was published Nov 27, 2024

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow... High Unreviewed

CVE-2024-11622 was published Nov 27, 2024

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while... Moderate Unreviewed

CVE-2024-33858 was published May 7, 2024

Previous1…4 Next

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

85 advisories