GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Critical
CVE-2022-23463
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
SpEL Injection in Spring Data MongoDB
Critical
CVE-2022-22980
was published
for
org.springframework.data:spring-data-mongodb
(Maven)
Jun 24, 2022
RichFaces vulnerable to Expression Language Injection
Critical
CVE-2018-12532
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Arbitrary code execution in Richfaces
Critical
CVE-2018-12533
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Expression Language Injection in Apache Struts
Critical
CVE-2021-31805
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 13, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical
CVE-2022-22947
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Mar 4, 2022
Expression Language Injection in Netflix Conductor
Critical
CVE-2020-9296
was published
for
com.netflix.conductor:conductor-core
(Maven)
Feb 10, 2022
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Expression Language Injection in Apache Syncope
Critical
CVE-2020-1959
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
ProTip!
Advisories are also available from the
GraphQL API