GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
A faultflasheventselectfact expression language injectionremote code execution vulnerability was...
High
Unreviewed
CVE-2020-7189
was published
May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was...
High
Unreviewed
CVE-2020-7193
was published
May 24, 2022
A deviceselect expression language injection remote code execution vulnerability was discovered...
High
Unreviewed
CVE-2020-7190
was published
May 24, 2022
A perfselecttask expression language injection remote code execution vulnerability was discovered...
Critical
Unreviewed
CVE-2020-7158
was published
May 24, 2022
A soapconfigcontent expression language injection remote code execution vulnerability was...
High
Unreviewed
CVE-2020-7174
was published
May 24, 2022
A sshconfig expression language injection remote code execution vulnerability was discovered in...
High
Unreviewed
CVE-2020-7182
was published
May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7149
was published
May 24, 2022
A iccselectcommand expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7165
was published
May 24, 2022
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was...
High
Unreviewed
CVE-2020-7176
was published
May 24, 2022
A quicktemplateselect expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7167
was published
May 24, 2022
A selectusergroup expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7168
was published
May 24, 2022
A faultparasset expression language injection remote code execution vulnerability was discovered...
Critical
Unreviewed
CVE-2020-7152
was published
May 24, 2022
A actionselectcontent expression language injection remote code execution vulnerability was...
High
Unreviewed
CVE-2020-7173
was published
May 24, 2022
A faulttrapgroupselect expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7151
was published
May 24, 2022
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was...
High
Unreviewed
CVE-2020-7179
was published
May 24, 2022
A faultinfo_content expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7156
was published
May 24, 2022
A comparefilesresult expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7144
was published
May 24, 2022
A faultdevparasset expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7143
was published
May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE...
Critical
Unreviewed
CVE-2020-7170
was published
May 24, 2022
Arbitrary code execution in Richfaces
Critical
CVE-2018-12533
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
RichFaces vulnerable to Expression Language Injection
Critical
CVE-2018-12532
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and...
Moderate
Unreviewed
CVE-2020-3956
was published
May 24, 2022
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Critical
CVE-2022-23463
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
SpEL Injection in Spring Data MongoDB
Critical
CVE-2022-22980
was published
for
org.springframework.data:spring-data-mongodb
(Maven)
Jun 24, 2022
Expression Language Injection in Apache Struts
Critical
CVE-2021-31805
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 13, 2022
ProTip!
Advisories are also available from the
GraphQL API