GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
15 advisories
Filter by severity
It has been discovered that redhat-certification does not properly limit the number of recursive...
High
Unreviewed
CVE-2018-10868
was published
May 24, 2022
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack...
High
Unreviewed
CVE-2021-40511
was published
Jun 22, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege...
High
Unreviewed
CVE-2022-34430
was published
Oct 11, 2022
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing...
High
Unreviewed
CVE-2020-25186
was published
May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument...
High
Unreviewed
CVE-2021-28302
was published
May 24, 2022
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity...
High
Unreviewed
CVE-2021-20453
was published
May 24, 2022
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different...
High
Unreviewed
CVE-2021-38490
was published
May 24, 2022
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the...
High
Unreviewed
CVE-2023-49967
was published
Dec 7, 2023
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which...
High
Unreviewed
CVE-2003-1564
was published
Apr 29, 2022
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This...
High
Unreviewed
CVE-2022-42745
was published
Nov 4, 2022
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion,...
High
Unreviewed
CVE-2011-3288
was published
May 17, 2022
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur...
High
Unreviewed
CVE-2020-9352
was published
May 24, 2022
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that...
High
Unreviewed
CVE-2015-9541
was published
May 24, 2022
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with...
High
Unreviewed
CVE-2020-3946
was published
May 24, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including...
High
Unreviewed
CVE-2024-28982
was published
Jun 27, 2024
ProTip!
Advisories are also available from the
GraphQL API