GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
Nexus Repository Manager 3 - Remote Code Execution
High
CVE-2020-10199
was published
for
org.sonatype.nexus:nexus-extdirect
(Maven)
Apr 14, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Expression Language Injection in Apache Syncope
Critical
CVE-2020-1959
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Improper Input Validation in Jakarta Expression Language
Moderate
CVE-2021-28170
was published
for
com.sun.el:el-ri
(Maven)
Oct 6, 2021
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Expression Language Injection in Netflix Conductor
Critical
CVE-2020-9296
was published
for
com.netflix.conductor:conductor-core
(Maven)
Feb 10, 2022
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical
CVE-2022-22947
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Mar 4, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Expression Language Injection in Apache Struts
Critical
CVE-2021-31805
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 13, 2022
Improper Input Validation in GeoServer
High
CVE-2022-24847
was published
for
org.geoserver:gs-main
(Maven)
Apr 22, 2022
Apache Tiles Vulnerable to XSS via EL Expression Injection
Moderate
CVE-2009-1275
was published
for
org.apache.tiles:tiles-core
(Maven)
May 2, 2022
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the...
High
Unreviewed
CVE-2019-9041
was published
May 13, 2022
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
High
Unreviewed
CVE-2018-16621
was published
May 13, 2022
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and...
Critical
Unreviewed
CVE-2019-5916
was published
May 13, 2022
RichFaces vulnerable to Expression Language Injection
Critical
CVE-2018-12532
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Arbitrary code execution in Richfaces
Critical
CVE-2018-12533
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat...
Moderate
Unreviewed
CVE-2010-1871
was published
May 17, 2022
Apache MyFaces Vulnerable to EL Injection
High
CVE-2011-4343
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
May 17, 2022
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11,...
Moderate
Unreviewed
CVE-2019-11628
was published
May 24, 2022
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and...
Moderate
Unreviewed
CVE-2020-3956
was published
May 24, 2022
A syslogtempletselectwin expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-24651
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API