Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

74 advisories

Loading
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be... Moderate Unreviewed
CVE-2024-9672 was published Dec 10, 2024
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2024-7552 was published Aug 6, 2024
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris... High Unreviewed
CVE-2024-5828 was published Aug 6, 2024
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51593 was published May 3, 2024
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code... High Unreviewed
CVE-2024-0715 was published Feb 20, 2024
Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local... High Unreviewed
CVE-2023-42658 was published Oct 31, 2023
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,... Critical Unreviewed
CVE-2022-4146 was published Jul 18, 2023
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2023-27821 was published Mar 28, 2023
Liima before 1.17.28 allows server-side template injection. Critical Unreviewed
CVE-2023-26092 was published Feb 20, 2023
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 ... Moderate Unreviewed
CVE-2022-34466 was published Jul 13, 2022
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access... High Unreviewed
CVE-2021-32834 was published May 24, 2022
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList... High Unreviewed
CVE-2020-26565 was published May 24, 2022
A iccselectrules expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7195 was published May 24, 2022
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7194 was published May 24, 2022
A tvxlanlegend expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7185 was published May 24, 2022
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability... High Unreviewed
CVE-2020-7184 was published May 24, 2022
A powershellconfigcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7186 was published May 24, 2022
A reportpage index expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7187 was published May 24, 2022
A userselectpagingcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7188 was published May 24, 2022
A faultflasheventselectfact expression language injectionremote code execution vulnerability was... High Unreviewed
CVE-2020-7189 was published May 24, 2022
A devsoftsel expression language injection remote code execution vulnerability was discovered in... High Unreviewed
CVE-2020-7191 was published May 24, 2022
A deviceselect expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7190 was published May 24, 2022
A devicethresholdconfig expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7192 was published May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7193 was published May 24, 2022
A iccselectdymicparam expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7175 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database