Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
Expression Language Injection in Apache Struts Critical
CVE-2021-31805 was published for org.apache.struts:struts2-core (Maven) Apr 13, 2022
SpEL Injection in Spring Data MongoDB Critical
CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022
rthorpeii
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution Critical
CVE-2022-23463 was published for com.nepxion:discovery (Maven) Sep 25, 2022
RichFaces vulnerable to Expression Language Injection Critical
CVE-2018-12532 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
Arbitrary code execution in Richfaces Critical
CVE-2018-12533 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
A selectusergroup expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7168 was published May 24, 2022
A faultparasset expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7152 was published May 24, 2022
A faulttrapgroupselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7151 was published May 24, 2022
A perfselecttask expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7158 was published May 24, 2022
A comparefilesresult expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7144 was published May 24, 2022
A faultdevparasset expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7143 was published May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-7170 was published May 24, 2022
A quicktemplateselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7167 was published May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7149 was published May 24, 2022
A faultinfo_content expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7156 was published May 24, 2022
A iccselectcommand expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7165 was published May 24, 2022
A chooseperfview expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7145 was published May 24, 2022
A operatorgrouptreeselectcontent expression language injection remote code execution... Critical Unreviewed
CVE-2020-7166 was published May 24, 2022
A deployselectbootrom expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7147 was published May 24, 2022
A eventinfo_content expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7142 was published May 24, 2022
A legend expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-24650 was published May 24, 2022
A faultstatchoosefaulttype expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7150 was published May 24, 2022
A iccselectdevtype expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7153 was published May 24, 2022
A selviewnavcontent expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7157 was published May 24, 2022
A customtemplateselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7159 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database