Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

100 advisories

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2024-7552 was published Aug 6, 2024
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris... High Unreviewed
CVE-2024-5828 was published Aug 6, 2024
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51593 was published May 3, 2024
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code... High Unreviewed
CVE-2024-0715 was published Feb 20, 2024
Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local... High Unreviewed
CVE-2023-42658 was published Oct 31, 2023
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,... Critical Unreviewed
CVE-2022-4146 was published Jul 18, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-45855 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-42009 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Jena Expression Language Injection vulnerability High
CVE-2023-32200 was published for org.apache.jena:jena (Maven) Jul 12, 2023
Arbitrary javascript injection in Apache Jena Moderate
CVE-2023-22665 was published for org.apache.jena:jena (Maven) Apr 25, 2023
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2023-27821 was published Mar 28, 2023
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Liima before 1.17.28 allows server-side template injection. Critical Unreviewed
CVE-2023-26092 was published Feb 20, 2023
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution Critical
CVE-2022-23463 was published for com.nepxion:discovery (Maven) Sep 25, 2022
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 ... Moderate Unreviewed
CVE-2022-34466 was published Jul 13, 2022
SpEL Injection in Spring Data MongoDB Critical
CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022
rthorpeii
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access... High Unreviewed
CVE-2021-32834 was published May 24, 2022
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList... High Unreviewed
CVE-2020-26565 was published May 24, 2022
A iccselectrules expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7195 was published May 24, 2022
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7194 was published May 24, 2022
A reportpage index expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7187 was published May 24, 2022
A deviceselect expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7190 was published May 24, 2022
A userselectpagingcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7188 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API