Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
A deployselectsoftware expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7148 was published May 24, 2022
A iccselectdeviceseries expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7160 was published May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7169 was published May 24, 2022
A reporttaskselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7161 was published May 24, 2022
A navigationto expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7163 was published May 24, 2022
A operationselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7164 was published May 24, 2022
A devgroupselect expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7146 was published May 24, 2022
A syslogtempletselectwin expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-24651 was published May 24, 2022
A adddevicetoview expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7141 was published May 24, 2022
A operatorgroupselectcontent expression language injection remote code execution vulnerability... Critical Unreviewed
CVE-2020-7162 was published May 24, 2022
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-24652 was published May 24, 2022
A ifviewselectpage expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7154 was published May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-7155 was published May 24, 2022
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and... Critical Unreviewed
CVE-2019-5916 was published May 13, 2022
Remote code execution in Apache Struts Critical
CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven) Feb 9, 2022
Expression Language Injection in Netflix Conductor Critical
CVE-2020-9296 was published for com.netflix.conductor:conductor-core (Maven) Feb 10, 2022
Expression Language Injection in Apache Syncope Critical
CVE-2020-1959 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Liima before 1.17.28 allows server-side template injection. Critical Unreviewed
CVE-2023-26092 was published Feb 20, 2023
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2023-27821 was published Mar 28, 2023
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression Critical
CVE-2022-22963 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Apr 3, 2022
Tsuki124
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured Critical
CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Mar 4, 2022
jbmagination
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,... Critical Unreviewed
CVE-2022-4146 was published Jul 18, 2023
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51593 was published May 3, 2024
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database