Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris... High Unreviewed
CVE-2024-5828 was published Aug 6, 2024
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code... High Unreviewed
CVE-2024-0715 was published Feb 20, 2024
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local... High Unreviewed
CVE-2023-42658 was published Oct 31, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-45855 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Jena Expression Language Injection vulnerability High
CVE-2023-32200 was published for org.apache.jena:jena (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-42009 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Improper Input Validation in GeoServer High
CVE-2022-24847 was published for org.geoserver:gs-main (Maven) Apr 22, 2022
kurt-r2c
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. High Unreviewed
CVE-2018-16621 was published May 13, 2022
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the... High Unreviewed
CVE-2019-9041 was published May 13, 2022
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access... High Unreviewed
CVE-2021-32834 was published May 24, 2022
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList... High Unreviewed
CVE-2020-26565 was published May 24, 2022
A tvxlanlegend expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7185 was published May 24, 2022
A reportpage index expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7187 was published May 24, 2022
A userselectpagingcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7188 was published May 24, 2022
A smsrulesdownload expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7181 was published May 24, 2022
A forwardredirect expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7183 was published May 24, 2022
A wmiconfigcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7177 was published May 24, 2022
A ictexpertdownload expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7180 was published May 24, 2022
A devicethresholdconfig expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7192 was published May 24, 2022
A mediaforaction expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7178 was published May 24, 2022
A devsoftsel expression language injection remote code execution vulnerability was discovered in... High Unreviewed
CVE-2020-7191 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database