GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be...
Moderate
Unreviewed
CVE-2024-9672
was published
Dec 10, 2024
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate
CVE-2022-23504
was published
for
typo3/cms
(Composer)
Dec 13, 2022
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by...
Moderate
Unreviewed
CVE-2024-7552
was published
Aug 6, 2024
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris...
High
Unreviewed
CVE-2024-5828
was published
Aug 6, 2024
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat...
Moderate
Unreviewed
CVE-2010-1871
was published
May 17, 2022
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51593
was published
May 3, 2024
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,...
Critical
Unreviewed
CVE-2022-4146
was published
Jul 18, 2023
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11,...
Moderate
Unreviewed
CVE-2019-11628
was published
May 24, 2022
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code...
High
Unreviewed
CVE-2024-0715
was published
Feb 20, 2024
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Apache Tiles Vulnerable to XSS via EL Expression Injection
Moderate
CVE-2009-1275
was published
for
org.apache.tiles:tiles-core
(Maven)
May 2, 2022
Apache MyFaces Vulnerable to EL Injection
High
CVE-2011-4343
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
May 17, 2022
Archive, check and export commands in Chef InSpec
prior to 4.56.58 and 5.22.29 allow local...
High
Unreviewed
CVE-2023-42658
was published
Oct 31, 2023
Arbitrary javascript injection in Apache Jena
Moderate
CVE-2023-22665
was published
for
org.apache.jena:jena
(Maven)
Apr 25, 2023
Apache Ambari Expression Language Injection vulnerability
High
CVE-2022-45855
was published
for
org.apache.ambari:ambari
(Maven)
Jul 12, 2023
Apache Jena Expression Language Injection vulnerability
High
CVE-2023-32200
was published
for
org.apache.jena:jena
(Maven)
Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability
High
CVE-2022-42009
was published
for
org.apache.ambari:ambari
(Maven)
Jul 12, 2023
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical
CVE-2022-22947
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Mar 4, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 ...
Moderate
Unreviewed
CVE-2022-34466
was published
Jul 13, 2022
ProTip!
Advisories are also available from the
GraphQL API