Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Loading
Magento has an XML Injection vulnerability Critical
CVE-2021-36028 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2021-36033 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout High
CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the 'City' field High
CVE-2021-36020 was published for magento/community-edition (Composer) May 24, 2022
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. ... High Unreviewed
CVE-2025-24404 was published Sep 9, 2025
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate... High Unreviewed
CVE-2020-0646 was published May 24, 2022
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML... Moderate Unreviewed
CVE-2025-7473 was published Oct 21, 2025
An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1... Moderate Unreviewed
CVE-2025-60833 was published Oct 8, 2025
MinIO Java Client XML Tag Value Substitution Vulnerability High
CVE-2025-59952 was published for io.minio:minio (Maven) Sep 29, 2025
Tanguy-Boisset pyguerder
Credited to Tanguy-Boisset and pyguerder
An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 7... Moderate Unreviewed
CVE-2025-47184 was published Aug 21, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection... Moderate Unreviewed
CVE-2025-54251 was published Sep 9, 2025
ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection. Moderate Unreviewed
CVE-2022-25356 was published Apr 6, 2022
XML Injection vulnerability in xmltodict allows Input Data Manipulation.This issue affects... Moderate Unreviewed
CVE-2025-9375 was published Sep 5, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection... High Unreviewed
CVE-2025-49538 was published Jul 8, 2025
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.... Critical Unreviewed
CVE-2021-4140 was published Dec 22, 2022
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java... Moderate Unreviewed
CVE-2025-25589 was published Mar 18, 2025
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpexcel (Composer) Nov 20, 2019
MarkLee131
Credited to MarkLee131
Magento Open Source allows XML Injection Low
CVE-2023-38207 was published for magento/community-edition (Composer) Aug 9, 2023
Magento Open Source allows XML Injection Moderate
CVE-2023-29289 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows XML Injection High
CVE-2023-22247 was published for magento/community-edition (Composer) Mar 27, 2023
Apache Ivy External Entity Reference vulnerability High
CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) Aug 21, 2023
Magento XPath Injection Critical
CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security... Moderate Unreviewed
CVE-2024-2645 was published Mar 20, 2024
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application... Moderate Unreviewed
CVE-2024-2648 was published Mar 20, 2024
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8... High Unreviewed
CVE-2024-47113 was published Jan 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database