GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51593
was published
May 3, 2024
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,...
Critical
Unreviewed
CVE-2022-4146
was published
Jul 18, 2023
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical
CVE-2022-22947
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Mar 4, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical
Unreviewed
CVE-2023-27821
was published
Mar 28, 2023
Liima before 1.17.28 allows server-side template injection.
Critical
Unreviewed
CVE-2023-26092
was published
Feb 20, 2023
Expression Language Injection in Apache Syncope
Critical
CVE-2020-1959
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Expression Language Injection in Netflix Conductor
Critical
CVE-2020-9296
was published
for
com.netflix.conductor:conductor-core
(Maven)
Feb 10, 2022
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and...
Critical
Unreviewed
CVE-2019-5916
was published
May 13, 2022
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-24652
was published
May 24, 2022
A adddevicetoview expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7141
was published
May 24, 2022
A operationselect expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7164
was published
May 24, 2022
A ifviewselectpage expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7154
was published
May 24, 2022
A operatorgroupselectcontent expression language injection remote code execution vulnerability...
Critical
Unreviewed
CVE-2020-7162
was published
May 24, 2022
A syslogtempletselectwin expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-24651
was published
May 24, 2022
A devgroupselect expression language injection remote code execution vulnerability was discovered...
Critical
Unreviewed
CVE-2020-7146
was published
May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE...
Critical
Unreviewed
CVE-2020-7155
was published
May 24, 2022
A reporttaskselect expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7161
was published
May 24, 2022
A navigationto expression language injection remote code execution vulnerability was discovered...
Critical
Unreviewed
CVE-2020-7163
was published
May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was...
Critical
Unreviewed
CVE-2020-7169
was published
May 24, 2022
A legend expression language injection remote code execution vulnerability was discovered in HPE...
Critical
Unreviewed
CVE-2020-24650
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API