Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
Nexus Repository Manager 3 - Remote Code Execution High
CVE-2020-10199 was published for org.sonatype.nexus:nexus-extdirect (Maven) Apr 14, 2020
Expression Language Injection in Apache Struts Critical
CVE-2021-31805 was published for org.apache.struts:struts2-core (Maven) Apr 13, 2022
SpEL Injection in Spring Data MongoDB Critical
CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022
rthorpeii
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution Critical
CVE-2022-23463 was published for com.nepxion:discovery (Maven) Sep 25, 2022
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and... Moderate Unreviewed
CVE-2020-3956 was published May 24, 2022
RichFaces vulnerable to Expression Language Injection Critical
CVE-2018-12532 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
Arbitrary code execution in Richfaces Critical
CVE-2018-12533 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
A comparefilesresult expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7144 was published May 24, 2022
A faultdevparasset expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7143 was published May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7149 was published May 24, 2022
A faulttrapgroupselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7151 was published May 24, 2022
A faultparasset expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7152 was published May 24, 2022
A faultinfo_content expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7156 was published May 24, 2022
A perfselecttask expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7158 was published May 24, 2022
A iccselectcommand expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7165 was published May 24, 2022
A quicktemplateselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7167 was published May 24, 2022
A selectusergroup expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7168 was published May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-7170 was published May 24, 2022
A actionselectcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7173 was published May 24, 2022
A soapconfigcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7174 was published May 24, 2022
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7176 was published May 24, 2022
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7179 was published May 24, 2022
A sshconfig expression language injection remote code execution vulnerability was discovered in... High Unreviewed
CVE-2020-7182 was published May 24, 2022
A faultflasheventselectfact expression language injectionremote code execution vulnerability was... High Unreviewed
CVE-2020-7189 was published May 24, 2022
A deviceselect expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7190 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database